Wiz
Vulnerability DatabaseCVE-2025-23158

CVE-2025-23158
Linux Kernel vulnerability analysis and mitigation

Overview

CVE-2025-23158 is a vulnerability discovered in the Linux kernel's media subsystem, specifically in the Venus HFI (Hardware Firmware Interface) component. The vulnerability was disclosed on May 1, 2025, affecting various Linux distributions including Debian and Ubuntu (NVD, Wiz).

Technical details

The vulnerability occurs in the queue size handling mechanism where the firmware can modify the qsize value to an invalid large value. When this happens, the emptyspace calculation becomes incorrect, potentially being larger than the actually available space. Since newwr_idx is not properly checked, this can result in an out-of-bounds write operation during memory copy operations (Debian Tracker).

Impact

The vulnerability could potentially lead to memory corruption through out-of-bounds write operations. This could result in system crashes or potential privilege escalation, though the exact impact severity has not been fully assessed (Wiz).

Mitigation and workarounds

The issue has been fixed in several Linux distributions. Debian has addressed the vulnerability in bookworm (6.1.135-1) and sid (6.12.25-1) releases. The fix involves adding proper checks to ensure qsize is within the allocated size while reading and writing packets into the queue (Debian Tracker).

Additional resources

SourceThis report was generated using AI

Related Linux Kernel vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-40344N/AN/A
  • Linux KernelLinux Kernel
  • kernel-debug-modules-internal
NoYesDec 09, 2025
CVE-2025-40343N/AN/A
  • Linux KernelLinux Kernel
  • kernel-64k-debug-devel
NoYesDec 09, 2025
CVE-2025-40342N/AN/A
  • Linux KernelLinux Kernel
  • kernel-64k-debug-devel-matched
NoYesDec 09, 2025
CVE-2025-40341N/AN/A
  • Linux KernelLinux Kernel
  • kernel-rt-64k-debug-modules-extra
NoYesDec 09, 2025
CVE-2025-40340N/AN/A
  • Linux KernelLinux Kernel
  • kernel-rt-64k-debug-kvm
NoYesDec 09, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo