CVE-2025-40114

Description

In the Linux kernel, the following vulnerability has been resolved: iio: light: Add check for array bounds in veml6075_read_int_time_ms The array contains only 5 elements, but the index calculated by veml6075_read_int_time_index can range from 0 to 7, which could lead to out-of-bounds access. The check prevents this issue. Coverity Issue CID 1574309: (#1 of 1): Out-of-bounds read (OVERRUN) overrun-local: Overrunning array veml6075_it_ms of 5 4-byte elements at element index 7 (byte offset 31) using index int_index (which evaluates to 7) This is hardening against potentially broken hardware. Good to have but not necessary to backport.

Reserved 2025-04-16 | Published 2025-04-18 | Updated 2025-05-26 | Assigner Linux

Product status

Default status
unaffected

3b82f43238aecd73464aeacc9c73407079511533 before 7a40b52d4442178bee0cf1c36bc450ab951cef0f
affected

3b82f43238aecd73464aeacc9c73407079511533 before 18a08b5632809faa671279b3cd27d5f96cc5a3f0
affected

3b82f43238aecd73464aeacc9c73407079511533 before 9c40a68b7f97fa487e6c7e67fcf4f846a1f96692
affected

3b82f43238aecd73464aeacc9c73407079511533 before ee735aa33db16c1fb5ebccbaf84ad38f5583f3cc
affected

Default status
affected

6.8
affected

Any version before 6.8
unaffected

6.12.23
unaffected

6.13.11
unaffected

6.14.2
unaffected

6.15
unaffected

References

git.kernel.org/...c/7a40b52d4442178bee0cf1c36bc450ab951cef0f

git.kernel.org/...c/18a08b5632809faa671279b3cd27d5f96cc5a3f0

git.kernel.org/...c/9c40a68b7f97fa487e6c7e67fcf4f846a1f96692

git.kernel.org/...c/ee735aa33db16c1fb5ebccbaf84ad38f5583f3cc

cve.org (CVE-2025-40114)

nvd.nist.gov (CVE-2025-40114)

Download JSON