5.5

CVE-2025-39787

EPSS 0.01%
Veröffentlicht 11.09.2025 16:56:36
Zuletzt bearbeitet 16.01.2026 20:25:29
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

soc: qcom: mdt_loader: Ensure we don't read past the ELF header

When the MDT loader is used in remoteproc, the ELF header is sanitized
beforehand, but that's not necessary the case for other clients.

Validate the size of the firmware buffer to ensure that we don't read
past the end as we iterate over the header. e_phentsize and e_shentsize
are validated as well, to ensure that the assumptions about step size in
the traversal are valid.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 13

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.11 < 5.4.297

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.241

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.190

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.149

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.103

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.44

Linux ≫ Linux Kernel Version >= 6.13 < 6.16.4

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.01

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/1096eb63ecfc8df90b70cd068e6de0c2ff204dfd

Patch

https://git.kernel.org/stable/c/e1720eb32acf411c328af6a8c8f556c94535808e

Patch

https://git.kernel.org/stable/c/0d59ce2bfc3bb13abe6240335a1bf7b96536d022

Patch

https://git.kernel.org/stable/c/43d26997d88c4056fce0324e72f62556bc7e8e8d

Patch

https://git.kernel.org/stable/c/981c845f29838e468a9bfa87f784307193a31297

Patch

https://git.kernel.org/stable/c/87bfabb3b2f46827639173f143aa43f7cfc0a7e6

Patch

https://git.kernel.org/stable/c/81278be4eb5f08ba2c68c3055893e61cc03727fe

Patch

https://git.kernel.org/stable/c/9f9967fed9d066ed3dae9372b45ffa4f6fccfeef

Patch

https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-39787

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-39787

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-39787

EUVD