-

CVE-2025-39787

EPSS 0.03%
Veröffentlicht 11.09.2025 16:56:36
Zuletzt bearbeitet 15.09.2025 15:22:38
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

soc: qcom: mdt_loader: Ensure we don't read past the ELF header

When the MDT loader is used in remoteproc, the ELF header is sanitized
beforehand, but that's not necessary the case for other clients.

Validate the size of the firmware buffer to ensure that we don't read
past the end as we iterate over the header. e_phentsize and e_shentsize
are validated as well, to ensure that the assumptions about step size in
the traversal are valid.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 1096eb63ecfc8df90b70cd068e6de0c2ff204dfd

Version 2aad40d911eeb7dcac91c669f2762a28134f0eb1

Status affected

Version < e1720eb32acf411c328af6a8c8f556c94535808e

Version 2aad40d911eeb7dcac91c669f2762a28134f0eb1

Status affected

Version < 0d59ce2bfc3bb13abe6240335a1bf7b96536d022

Version 2aad40d911eeb7dcac91c669f2762a28134f0eb1

Status affected

Version < 43d26997d88c4056fce0324e72f62556bc7e8e8d

Version 2aad40d911eeb7dcac91c669f2762a28134f0eb1

Status affected

Version < 981c845f29838e468a9bfa87f784307193a31297

Version 2aad40d911eeb7dcac91c669f2762a28134f0eb1

Status affected

Version < 87bfabb3b2f46827639173f143aa43f7cfc0a7e6

Version 2aad40d911eeb7dcac91c669f2762a28134f0eb1

Status affected

Version < 81278be4eb5f08ba2c68c3055893e61cc03727fe

Version 2aad40d911eeb7dcac91c669f2762a28134f0eb1

Status affected

Version < 9f9967fed9d066ed3dae9372b45ffa4f6fccfeef

Version 2aad40d911eeb7dcac91c669f2762a28134f0eb1

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.11

Status affected

Version < 4.11

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.297

Status unaffected

Version <= 5.10.*

Version 5.10.241

Status unaffected

Version <= 5.15.*

Version 5.15.190

Status unaffected

Version <= 6.1.*

Version 6.1.149

Status unaffected

Version <= 6.6.*

Version 6.6.103

Status unaffected

Version <= 6.12.*

Version 6.12.44

Status unaffected

Version <= 6.16.*

Version 6.16.4

Status unaffected

Version <= *

Version 6.17-rc1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.077

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/1096eb63ecfc8df90b70cd068e6de0c2ff204dfd

https://git.kernel.org/stable/c/e1720eb32acf411c328af6a8c8f556c94535808e

https://git.kernel.org/stable/c/0d59ce2bfc3bb13abe6240335a1bf7b96536d022

https://git.kernel.org/stable/c/43d26997d88c4056fce0324e72f62556bc7e8e8d

https://git.kernel.org/stable/c/981c845f29838e468a9bfa87f784307193a31297

https://git.kernel.org/stable/c/87bfabb3b2f46827639173f143aa43f7cfc0a7e6

https://git.kernel.org/stable/c/81278be4eb5f08ba2c68c3055893e61cc03727fe

https://git.kernel.org/stable/c/9f9967fed9d066ed3dae9372b45ffa4f6fccfeef

https://nvd.nist.gov/vuln/detail/CVE-2025-39787

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-39787

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-39787

EUVD