cve/published/2025/CVE-2025-40114.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-1.2.0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@kernel.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2025-40114: iio: light: Add check for array bounds in veml6075_read_int_time_ms

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 iio: light: Add check for array bounds in veml6075_read_int_time_ms

 The array contains only 5 elements, but the index calculated by
 veml6075_read_int_time_index can range from 0 to 7,
 which could lead to out-of-bounds access. The check prevents this issue.

 Coverity Issue
 CID 1574309: (#1 of 1): Out-of-bounds read (OVERRUN)
 overrun-local: Overrunning array veml6075_it_ms of 5 4-byte
 elements at element index 7 (byte offset 31) using
 index int_index (which evaluates to 7)

 This is hardening against potentially broken hardware. Good to have
 but not necessary to backport.

 The Linux kernel CVE team has assigned CVE-2025-40114 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 6.8 with commit 3b82f43238aecd73464aeacc9c73407079511533 and fixed in 6.12.23 with commit 7a40b52d4442178bee0cf1c36bc450ab951cef0f
 	Issue introduced in 6.8 with commit 3b82f43238aecd73464aeacc9c73407079511533 and fixed in 6.13.11 with commit 18a08b5632809faa671279b3cd27d5f96cc5a3f0
 	Issue introduced in 6.8 with commit 3b82f43238aecd73464aeacc9c73407079511533 and fixed in 6.14.2 with commit 9c40a68b7f97fa487e6c7e67fcf4f846a1f96692
 	Issue introduced in 6.8 with commit 3b82f43238aecd73464aeacc9c73407079511533 and fixed in 6.15 with commit ee735aa33db16c1fb5ebccbaf84ad38f5583f3cc

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2025-40114
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/iio/light/veml6075.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/7a40b52d4442178bee0cf1c36bc450ab951cef0f
 	https://git.kernel.org/stable/c/18a08b5632809faa671279b3cd27d5f96cc5a3f0
 	https://git.kernel.org/stable/c/9c40a68b7f97fa487e6c7e67fcf4f846a1f96692
 	https://git.kernel.org/stable/c/ee735aa33db16c1fb5ebccbaf84ad38f5583f3cc
	From bippy-1.2.0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@kernel.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2025-40114: iio: light: Add check for array bounds in veml6075_read_int_time_ms

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	iio: light: Add check for array bounds in veml6075_read_int_time_ms

	The array contains only 5 elements, but the index calculated by
	veml6075_read_int_time_index can range from 0 to 7,
	which could lead to out-of-bounds access. The check prevents this issue.

	Coverity Issue
	CID 1574309: (#1 of 1): Out-of-bounds read (OVERRUN)
	overrun-local: Overrunning array veml6075_it_ms of 5 4-byte
	elements at element index 7 (byte offset 31) using
	index int_index (which evaluates to 7)

	This is hardening against potentially broken hardware. Good to have
	but not necessary to backport.

	The Linux kernel CVE team has assigned CVE-2025-40114 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 6.8 with commit 3b82f43238aecd73464aeacc9c73407079511533 and fixed in 6.12.23 with commit 7a40b52d4442178bee0cf1c36bc450ab951cef0f
	Issue introduced in 6.8 with commit 3b82f43238aecd73464aeacc9c73407079511533 and fixed in 6.13.11 with commit 18a08b5632809faa671279b3cd27d5f96cc5a3f0
	Issue introduced in 6.8 with commit 3b82f43238aecd73464aeacc9c73407079511533 and fixed in 6.14.2 with commit 9c40a68b7f97fa487e6c7e67fcf4f846a1f96692
	Issue introduced in 6.8 with commit 3b82f43238aecd73464aeacc9c73407079511533 and fixed in 6.15 with commit ee735aa33db16c1fb5ebccbaf84ad38f5583f3cc

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-40114
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/iio/light/veml6075.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/7a40b52d4442178bee0cf1c36bc450ab951cef0f
	https://git.kernel.org/stable/c/18a08b5632809faa671279b3cd27d5f96cc5a3f0
	https://git.kernel.org/stable/c/9c40a68b7f97fa487e6c7e67fcf4f846a1f96692
	https://git.kernel.org/stable/c/ee735aa33db16c1fb5ebccbaf84ad38f5583f3cc