SB20250916369 - Incorrect calculation in Linux kernel soc qcom driver
Published: September 16, 2025
Security Bulletin ID
SB20250916369
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Incorrect calculation (CVE-ID: CVE-2025-39787)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the qcom_mdt_get_size(), qcom_mdt_read_metadata() and __qcom_mdt_load() functions in drivers/soc/qcom/mdt_loader.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0d59ce2bfc3bb13abe6240335a1bf7b96536d022
- https://git.kernel.org/stable/c/1096eb63ecfc8df90b70cd068e6de0c2ff204dfd
- https://git.kernel.org/stable/c/43d26997d88c4056fce0324e72f62556bc7e8e8d
- https://git.kernel.org/stable/c/81278be4eb5f08ba2c68c3055893e61cc03727fe
- https://git.kernel.org/stable/c/87bfabb3b2f46827639173f143aa43f7cfc0a7e6
- https://git.kernel.org/stable/c/981c845f29838e468a9bfa87f784307193a31297
- https://git.kernel.org/stable/c/9f9967fed9d066ed3dae9372b45ffa4f6fccfeef
- https://git.kernel.org/stable/c/e1720eb32acf411c328af6a8c8f556c94535808e