CVE-2025-39787

Description

In the Linux kernel, the following vulnerability has been resolved:soc: qcom: mdt_loader: Ensure we dont read past the ELF headerWhen the MDT loader is used in remoteproc, the ELF header is sanitizedbeforehand, but thats not necessary the case for other clients.Validate the size of the firmware buffer to ensure that we dont readpast the end as we iterate over the header. e_phentsize and e_shentsizeare validated as well, to ensure that the assumptions about step size inthe traversal are valid.

Risk Information

Base Score

5.5

MODERATE

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score

Exploitation Probability

0.014

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234