Out-of-Bounds Memory Access Vulnerability in Linux Kernel Media Component
CVE-2025-39710

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 5 September 2025

What is CVE-2025-39710?

A vulnerability in the Linux kernel media component allows for potential out-of-bounds memory access due to a lack of checks on packet size after reading from shared memory. This oversight allows malicious actors to exploit packet size values provided by firmware, potentially leading to unauthorized access or crashes. The recent update addresses this issue by implementing robust checks to ensure packet sizes do not exceed the allocated memory, thereby securing the kernel's operation.

Affected Version(s)

Linux d96d3f30c0f2f564f6922bf4ccdf4464992e31fb < 0520c89f6280d2b60ab537d5743601185ee7d8ab

Linux d96d3f30c0f2f564f6922bf4ccdf4464992e31fb

References

https://git.kernel.org/stable/c/0520c89f6280d2b60ab537d57...

https://git.kernel.org/stable/c/f5b7a943055a4a106d40a03ba...

https://git.kernel.org/stable/c/ef09b96665f16f3f0bac4e111...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2025
Vulnerability Reserved
Apr 16, 2025