Buffer Overflow Vulnerability in Linux Kernel Affecting Qualcomm MDT Loader
CVE-2025-39787
What is CVE-2025-39787?
A buffer overflow vulnerability exists in the Linux kernel, specifically within the Qualcomm MDT loader. The issue arises when the MDT loader processes the ELF header, potentially allowing data to be read beyond the allocated boundary of the firmware buffer. This vulnerability can be exploited if the firmware buffer size is not properly validated, leading to potential unauthorized memory access. It has been addressed by ensuring proper sanitization of the ELF header and by validating header-related sizes such as e_phentsize and e_shentsize to maintain the integrity of the header traversal.
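The kind of bounds check described above, as an added example that is not the kernel's own code: a user-space C check built on `<elf.h>` that accepts a firmware buffer only if the ELF header and the tables it describes fit inside it. The function names and the sample buffer are constructed for illustration.

```c
#include <elf.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* True if a table of `num` entries starting at `off` fits in `size` bytes and
 * its declared entry size matches the struct the walker will step by. */
static bool table_ok(uint32_t off, uint16_t num, uint16_t entsize,
                     size_t expect, size_t size)
{
    if (num == 0)
        return true;              /* nothing to walk (this example's choice) */
    if (entsize != expect)
        return false;             /* step-size assumption would be wrong */
    /* off is 32-bit and num 16-bit, so the 64-bit sum cannot wrap */
    return (uint64_t)off + (uint64_t)num * expect <= size;
}

/* Hypothetical helper, not the kernel's function. */
bool elf32_tables_in_bounds(const uint8_t *buf, size_t size)
{
    Elf32_Ehdr eh;

    if (size < sizeof(eh))
        return false;             /* too short to hold an ELF header at all */
    memcpy(&eh, buf, sizeof(eh)); /* copy out: buf may be unaligned */
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0)
        return false;
    return table_ok(eh.e_phoff, eh.e_phnum, eh.e_phentsize, sizeof(Elf32_Phdr), size) &&
           table_ok(eh.e_shoff, eh.e_shnum, eh.e_shentsize, sizeof(Elf32_Shdr), size);
}

/* Constructed sample: a buffer with room for `room` (at most 4) program
 * headers whose ELF header claims `claimed` entries of `entsize` bytes. */
bool check_sample(uint16_t claimed, uint16_t room, uint16_t entsize)
{
    uint8_t fw[sizeof(Elf32_Ehdr) + 4 * sizeof(Elf32_Phdr)] = {0};
    Elf32_Ehdr eh = {0};

    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_phoff = sizeof(eh);
    eh.e_phnum = claimed;
    eh.e_phentsize = entsize;
    memcpy(fw, &eh, sizeof(eh));
    return elf32_tables_in_bounds(fw, sizeof(Elf32_Ehdr) + room * sizeof(Elf32_Phdr));
}
```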
Affected Version(s)
Linux 2aad40d911eeb7dcac91c669f2762a28134f0eb1 < 1096eb63ecfc8df90b70cd068e6de0c2ff204dfd
Linux 2aad40d911eeb7dcac91c669f2762a28134f0eb1
Linux 2aad40d911eeb7dcac91c669f2762a28134f0eb1 < 0d59ce2bfc3bb13abe6240335a1bf7b96536d022