SB2025090856 - NULL pointer dereference in Linux kernel qcom venus driver
Published: September 8, 2025
Security Bulletin ID
SB2025090856
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-39709)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the venus_probe() function in drivers/media/platform/qcom/venus/core.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/18c2b2bd982b8546312c9a7895515672169f28e0
- https://git.kernel.org/stable/c/3200144a2fa4209dc084a19941b9b203b43580f0
- https://git.kernel.org/stable/c/37cc0ac889b018097c217c5929fd6dc2aed636a1
- https://git.kernel.org/stable/c/639eb587f977c02423f4762467055b23902b4131
- https://git.kernel.org/stable/c/88cf63c2599761c48dec8f618d57dccf8f6f4b53
- https://git.kernel.org/stable/c/9db6a78bc5e418e0064e2248c8f3b9b9e8418646
- https://git.kernel.org/stable/c/e796028b4835af00d9a38ebbb208ec3a6634702a
- https://git.kernel.org/stable/c/f54be97bc69b1096198b6717c150dec69f2a1b4d