#VU107682 Out-of-bounds read in Linux kernel - CVE-2025-40114
Published: April 22, 2025 / Updated: May 10, 2025
Vulnerability identifier: #VU107682
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-40114
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the veml6075_read_uv_direct() function in drivers/iio/light/veml6075.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/18a08b5632809faa671279b3cd27d5f96cc5a3f0
- https://git.kernel.org/stable/c/7a40b52d4442178bee0cf1c36bc450ab951cef0f
- https://git.kernel.org/stable/c/9c40a68b7f97fa487e6c7e67fcf4f846a1f96692
- https://git.kernel.org/stable/c/ee735aa33db16c1fb5ebccbaf84ad38f5583f3cc
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.23
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.2