IM
IronMonkey Threat Research

CVE-2025-39787 MEDIUM

Published: 2025-09-11 | Last Modified: 2026-05-12 | Status: Modified

Description

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdt_loader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessary the case for other clients. Validate the size of the firmware buffer to ensure that we don't read past the end as we iterate over the header. e_phentsize and e_shentsize are validated as well, to ensure that the assumptions about step size in the traversal are valid.

CVSS Metrics

Base Score: 5.5 (MEDIUM)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack VectorLOCAL
Attack ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 3.6

Weaknesses

Source Type Description
[email protected] Primary
en NVD-CWE-noinfo

Affected Products

Vendor Product Version Update Type
linux linux_kernel * <built-in method update of dict object at 0x702bcab459c0> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bdd9a0280> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bdd9a2b00> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bde4f0fc0> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bcbbf4840> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bcbbf5a40> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bcab449c0> Operating System
debian debian_linux 11.0 <built-in method update of dict object at 0x702bcab44180> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

References

Notification
Message here