Out-of-Bounds Access in Linux Kernel Affects Device Interfacing
CVE-2025-40114
Summary
A vulnerability in the Linux kernel's device interfacing component affects the veml6075_read_int_time_ms function, which did not enforce limits on the index it calculates for an array access. This allowed potential out-of-bounds access to an array intended to store light sensor data. The issue could lead to erratic behavior or security risks under certain conditions, especially with faulty hardware. It is addressed by adding array bounds checks, which make the system more resilient to such errors.
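The bug class described above, as an added user-space example that is not the kernel driver's code: an index extracted from a device-supplied register field is used to read a lookup table, first without and then with a bounds check. The table contents, the field position and width, and all function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed model: a 5-entry table indexed by a 3-bit register field.
 * The field can encode 0..7, so values 5..7 have no table entry. */
static const int it_ms_table[] = { 50, 100, 200, 400, 800 };
#define CONF_IT_SHIFT 4
#define CONF_IT_MASK  (0x7u << CONF_IT_SHIFT)

/* Before: the index comes straight from the register value the device
 * returned. A faulty device reporting 5..7 causes a read past the table. */
static int read_int_time_ms_unchecked(uint16_t conf)
{
    unsigned int idx = (conf & CONF_IT_MASK) >> CONF_IT_SHIFT;

    return it_ms_table[idx];
}

/* After: reject any index the table cannot serve before dereferencing. */
static int read_int_time_ms_checked(uint16_t conf)
{
    unsigned int idx = (conf & CONF_IT_MASK) >> CONF_IT_SHIFT;

    if (idx >= ARRAY_SIZE(it_ms_table))
        return -EINVAL;

    return it_ms_table[idx];
}

int main(void)
{
    /* Constructed register values covering every encodable index. */
    for (unsigned int field = 0; field < 8; field++) {
        uint16_t conf = (uint16_t)(field << CONF_IT_SHIFT);

        printf("field=%u checked=%d\n", field, read_int_time_ms_checked(conf));
    }
    /* The unchecked variant is only safe to call with an in-range field. */
    printf("unchecked(field=1)=%d\n", read_int_time_ms_unchecked(0x10));
    return 0;
}
```

The check compares against the table's actual size rather than the field's maximum value, so it stays correct if entries are later added or removed.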
Affected Version(s)
Linux 3b82f43238aecd73464aeacc9c73407079511533 < 7a40b52d4442178bee0cf1c36bc450ab951cef0f
Linux 3b82f43238aecd73464aeacc9c73407079511533 < 18a08b5632809faa671279b3cd27d5f96cc5a3f0
Linux 3b82f43238aecd73464aeacc9c73407079511533 < 9c40a68b7f97fa487e6c7e67fcf4f846a1f96692