CVE-2025-40114
HIGH EPSS 11.5%
Published Apr 18, 20251y ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
Published Apr 18, 2025 1y ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: iio: light: Add check for array bounds in veml6075_read_int_time_ms The array contains only 5 elements, but the index calculated by veml6075_read_int_time_index can range from 0 to 7, which could lead to out-of-bounds access. The check prevents this issue. Coverity Issue CID 1574309: (#1 of 1): Out-of-bounds read (OVERRUN) overrun-local: Overrunning array veml6075_it_ms of 5 4-byte elements at element index 7 (byte offset 31) using index int_index (which evaluates to 7) This is hardening against potentially broken hardware. Good to have but not necessary to backport.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
11.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-129
Affected Products 3
References 4
- git.kernel.org https://git.kernel.org/stable/c/18a08b5632809faa671279b3cd27d5f96cc5a3f0
- git.kernel.org https://git.kernel.org/stable/c/7a40b52d4442178bee0cf1c36bc450ab951cef0f
- git.kernel.org https://git.kernel.org/stable/c/9c40a68b7f97fa487e6c7e67fcf4f846a1f96692
- git.kernel.org https://git.kernel.org/stable/c/ee735aa33db16c1fb5ebccbaf84ad38f5583f3cc
Remediation
- git.kernel.org https://git.kernel.org/stable/c/18a08b5632809faa671279b3cd27d5f96cc5a3f0
- git.kernel.org https://git.kernel.org/stable/c/7a40b52d4442178bee0cf1c36bc450ab951cef0f
- git.kernel.org https://git.kernel.org/stable/c/9c40a68b7f97fa487e6c7e67fcf4f846a1f96692
- git.kernel.org https://git.kernel.org/stable/c/ee735aa33db16c1fb5ebccbaf84ad38f5583f3cc