Linux Kernel imx-jpeg Media Subsystem Buffer Size Vulnerability Allowing Memory Out-of-Bounds Access

Vulnerability

A vulnerability in the Linux kernel's media subsystem, specifically within the imx-jpeg driver, has been addressed. This issue involved improper handling of image buffer sizes in relation to the encoder and decoder, which could lead to memory out-of-bounds errors. The vulnerability arose because the hardware supported arbitrary image dimensions without proper alignment, potentially allowing for exploitation. The updated driver now aligns buffer sizes upwards for both encoding and decoding processes, mitigating the risk of memory access errors while maintaining the original picture resolution.
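The sizing change described above, as an added illustration that is not code from the imx-jpeg driver or from this page: a buffer sized from the raw resolution is compared with one sized from upward-aligned dimensions. The 16-pixel block granularity, the helper names and the 65x49 sample picture are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: the engine touches memory in whole 16x16 blocks. The value 16
 * is constructed for illustration and is not taken from the imx-jpeg driver. */
#define BLOCK 16u

/* Round v up to the next multiple of a (a must be a power of two). */
static uint32_t align_up(uint32_t v, uint32_t a) { return (v + a - 1) & ~(a - 1); }

/* Buffer size derived directly from the picture resolution (the risky form). */
static size_t size_unaligned(uint32_t w, uint32_t h, uint32_t bytes_pp)
{
    return (size_t)w * h * bytes_pp;
}

/* Buffer size derived from upward-aligned dimensions (the hardened form).
 * The reported resolution w x h itself is left unchanged. */
static size_t size_aligned(uint32_t w, uint32_t h, uint32_t bytes_pp)
{
    return (size_t)align_up(w, BLOCK) * align_up(h, BLOCK) * bytes_pp;
}

/* Returns 1 if a buffer of buf_len bytes covers every byte a block-granular
 * engine would touch for a w x h picture, 0 if it would run past the end. */
static int buffer_covers_hw_footprint(size_t buf_len, uint32_t w, uint32_t h,
                                      uint32_t bytes_pp)
{
    return buf_len >= size_aligned(w, h, bytes_pp);
}

int main(void)
{
    /* Constructed sample: 65x49 picture, 3 bytes per pixel. */
    uint32_t w = 65, h = 49, bpp = 3;
    printf("unaligned=%zu aligned=%zu\n",
           size_unaligned(w, h, bpp), size_aligned(w, h, bpp));
    printf("unaligned buffer safe: %d\n",
           buffer_covers_hw_footprint(size_unaligned(w, h, bpp), w, h, bpp));
    printf("aligned buffer safe:   %d\n",
           buffer_covers_hw_footprint(size_aligned(w, h, bpp), w, h, bpp));
    return 0;
}
```

For dimensions that are already multiples of the block size, both sizing functions return the same value, so only non-aligned resolutions are affected by the change.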

Impact

The vulnerability could lead to memory out-of-bounds access, which often allows arbitrary code execution or causes a denial-of-service condition by crashing the system.

Added: Jun 18, 2025, 2:34 PM
Updated: Jun 18, 2025, 2:34 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.0
remediation: 7.7
relevance: 0.2
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.