SB2025090847 - Out-of-bounds read in Linux kernel qcom venus driver
Published: September 8, 2025
Security Bulletin ID
SB2025090847
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2025-39710)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the venus_write_queue() and venus_read_queue() functions in drivers/media/platform/qcom/venus/hfi_venus.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0520c89f6280d2b60ab537d5743601185ee7d8ab
- https://git.kernel.org/stable/c/2d8cea8310a245730816a1fd0c9fa4a5a3bdc68c
- https://git.kernel.org/stable/c/49befc830daa743e051a65468c05c2ff9e8580e6
- https://git.kernel.org/stable/c/7638bae4539dcebc3f68fda74ac35d73618ec440
- https://git.kernel.org/stable/c/ba567c2e52fbcf0e20502746bdaa79e911c2e8cf
- https://git.kernel.org/stable/c/ef09b96665f16f3f0bac4e111160e6f24f1f8791
- https://git.kernel.org/stable/c/f0cbd9386f974d310a0d20a02e4a1323e95ea654
- https://git.kernel.org/stable/c/f5b7a943055a4a106d40a03bacd940e28cc1955f