Bug 2393499 (CVE-2025-39710)

Summary: CVE-2025-39710 kernel: media: venus: Add a check for packet size after reading from shared memory
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-09-05 18:02:26 UTC 
In the Linux kernel, the following vulnerability has been resolved:

media: venus: Add a check for packet size after reading from shared memory

Add a check to ensure that the packet size does not exceed the number of
available words after reading the packet header from shared memory. This
ensures that the size provided by the firmware is safe to process and
prevent potential out-of-bounds memory access.
Comment 1 Jon Moroney 2025-09-05 21:49:16 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025090550-CVE-2025-39710-198c@gregkh/T