Linux Kernel Out-of-Bounds Access Vulnerability in Media Venus HFI Parser

Vulnerability

A vulnerability in the Linux kernel's media subsystem, specifically within the Venus HFI parser, has been addressed. The issue arose because the 'init_codecs' function could be called multiple times with manipulated payloads from video firmware. This could lead to the 'codecs_count' exceeding the maximum allowed number, causing an out-of-bounds access. The vulnerability has been mitigated by resetting the count to ensure it starts from the beginning.

Impact

Exploitation of this vulnerability could lead to out-of-bounds memory access, which may cause memory corruption or allow for arbitrary code execution.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Out-of-Bounds Access Vulnerability in Media Venus HFI Parser

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating