
Cloud Vulnerability DB
A community-led vulnerabilities database
OpenRazer, an open source driver and user-space daemon for controlling Razer device lighting and other features on GNU/Linux, was found to contain a vulnerability (CVE-2025-32776) discovered in April 2025. The vulnerability affects versions 3.10.1 and earlier, where specially crafted data written to the matrix_custom_frame file could cause the custom kernel driver to perform an out-of-bounds read operation (GitHub Advisory).
The vulnerability is classified as an out-of-bounds read (CWE-125) with a CVSS v3.1 score of 5.5 (Medium). The issue occurs when processing input in the razer_attr_write_matrix_custom_frame functions. When specific parameters are provided (e.g., start_col=0x00 and stop_col=0x55), an integer overflow can occur during the calculation of row_length, ((stop_col + 1) - start_col) * 3, leading to a buffer overflow condition. This overflow results in the code attempting to read more bytes than are available in the buffer during the memcpy operation (GitHub Issue).
The vulnerability allows an attacker to cause the kernel driver to read beyond the intended buffer boundaries. The read data is then written into the RGB arguments which are sent to the USB device. This has been rated with High confidentiality impact, though no integrity or availability impacts were identified (GitHub Advisory).
The vulnerability has been patched in OpenRazer version 3.10.2. The fix involves changing the row_length variable type from unsigned char to size_t to prevent integer overflow, and modifying the handling of invalid parameters to stop copying any custom frame data. No workarounds are available for unpatched systems (GitHub Advisory, GitHub Commit).
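The truncation and the effect of the type change can be reproduced in user space. The following is an added example, not OpenRazer source: the function names are hypothetical, and the length check comparing the supplied byte count against the computed row length is an assumption about how the value is used.

```c
#include <stddef.h>
#include <stdio.h>

/* User-space model of the arithmetic only; not OpenRazer source.
 * Function names are hypothetical. */

/* Pre-fix: the result is stored in an unsigned char and wraps modulo 256. */
static unsigned char row_length_narrow(unsigned char start_col, unsigned char stop_col)
{
    return (unsigned char)(((stop_col + 1) - start_col) * 3);
}

/* Post-fix: size_t holds the full value (at most 256 * 3 = 768).
 * Caller must ensure start_col <= stop_col. */
static size_t row_length_wide(unsigned char start_col, unsigned char stop_col)
{
    return (size_t)((stop_col + 1) - start_col) * 3;
}

/* Assumed length check: accept the row (return 1) only if the write
 * supplied at least row-length bytes after the 3-byte row header. */
static int accepts_narrow(size_t count, size_t offset,
                          unsigned char start_col, unsigned char stop_col)
{
    if (start_col > stop_col)
        return 0;
    return count >= offset + row_length_narrow(start_col, stop_col);
}

static int accepts_wide(size_t count, size_t offset,
                        unsigned char start_col, unsigned char stop_col)
{
    if (start_col > stop_col)
        return 0;
    return count >= offset + row_length_wide(start_col, stop_col);
}

int main(void)
{
    /* Constructed write: 3 header bytes plus only 2 bytes of RGB data,
     * using the column values quoted in the advisory text. */
    size_t count = 5, offset = 3;
    unsigned char s = 0x00, e = 0x55;

    printf("narrow=%u wide=%zu\n", (unsigned)row_length_narrow(s, e), row_length_wide(s, e));
    printf("accepted: narrow=%d wide=%d\n",
           accepts_narrow(count, offset, s, e), accepts_wide(count, offset, s, e));
    return 0;
}
```

With the narrow type the 258-byte row is validated as if it were 2 bytes long, so a later copy sized from the column range reads past the supplied data; with size_t the same write is rejected.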
Source: This report was generated using AI