CVE-2025-38679

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: venus: Fix OOB read due to missing payload bound check<br /> <br /> Currently, The event_seq_changed() handler processes a variable number<br /> of properties sent by the firmware. The number of properties is indicated<br /> by the firmware and used to iterate over the payload. However, the<br /> payload size is not being validated against the actual message length.<br /> <br /> This can lead to out-of-bounds memory access if the firmware provides a<br /> property count that exceeds the data available in the payload. Such a<br /> condition can result in kernel crashes or potential information leaks if<br /> memory beyond the buffer is accessed.<br /> <br /> Fix this by properly validating the remaining size of the payload before<br /> each property access and updating bounds accordingly as properties are<br /> parsed.<br /> <br /> This ensures that property parsing is safely bounded within the received<br /> message buffer and protects against malformed or malicious firmware<br /> behavior.