How CVE-2025-40114 Works
The vulnerability exists in the Linux kernel’s VEML6075 light sensor driver (iio: light). The function `veml6075_read_int_time_ms` fails to properly validate array indices before accessing the `veml6075_it_ms` array. This array contains only 5 elements, but the index calculation in `veml6075_read_int_time_index` can produce values up to 7. When an invalid index is used, the kernel reads memory outside the array bounds, potentially causing information disclosure or system crashes. This is classified as an out-of-bounds read vulnerability (CWE-125) that could be exploited by malicious hardware or through carefully crafted IOCTL calls to the IIO subsystem.
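A userspace model of the lookup described above, added here as an example and not taken from the kernel source. The 3-bit field position, the table values and the unprefixed function names are assumptions; only the 5-entry table and the 0..7 index range come from the text.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Assumed layout for this model: 3-bit integration-time field at bits 6:4. */
#define CONF_IT_SHIFT 4
#define CONF_IT_MASK  (0x7u << CONF_IT_SHIFT)

/* Five entries, as the text states; the values themselves are illustrative. */
static const int it_ms[] = { 50, 100, 200, 400, 800 };

/* A 3-bit field decodes to 0..7, so encodings 5, 6 and 7 have no table entry. */
static unsigned int read_int_time_index(uint16_t conf)
{
    return (conf & CONF_IT_MASK) >> CONF_IT_SHIFT;
}

/* Hardened lookup: reject any index the table does not cover. */
static int read_int_time_ms(uint16_t conf, int *val)
{
    unsigned int idx = read_int_time_index(conf);

    if (idx >= ARRAY_SIZE(it_ms))
        return -EINVAL;
    *val = it_ms[idx];
    return 0;
}

/* Sweep all eight field encodings and count the ones the check rejects. */
static int count_rejected(void)
{
    int rejected = 0, val;

    for (unsigned int f = 0; f < 8; f++)
        if (read_int_time_ms((uint16_t)(f << CONF_IT_SHIFT), &val) == -EINVAL)
            rejected++;
    return rejected;
}

int main(void)
{
    int val = 0;
    int ret = read_int_time_ms(0x0020, &val); /* constructed value, field = 2 */

    printf("field 2: ret=%d val=%d\n", ret, val);
    printf("field 7: ret=%d\n", read_int_time_ms(0x0070, &val)); /* constructed */
    printf("rejected encodings: %d\n", count_rejected());
    return 0;
}
```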
DailyCVE Form
Platform: Linux Kernel
Version: < 6.8.3
Vulnerability: OOB Read
Severity: Medium
Date: 04/29/2025
What Undercode Say:
Exploitation:
// Potential PoC triggering OOB read
struct iio_dev indio_dev;
int ret = veml6075_read_int_time_ms(indio_dev, 7); // Invalid index
Protection:
# Check kernel version
uname -r
# Patch command
sudo apt-get update && sudo apt-get install linux-image-$(uname -r)
Code Fix:
a/drivers/iio/light/veml6075.c +++ b/drivers/iio/light/veml6075.c @@ -123,6 +123,8 @@ static int veml6075_read_int_time_ms(struct iio_dev indio_dev, int val) ret = veml6075_read_int_time_index(chip, &int_index); if (ret < 0) return ret; + if (int_index >= ARRAY_SIZE(veml6075_it_ms)) + return -EINVAL; val = veml6075_it_ms[bash]; return 0; }
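Review bot: the bounds check sits only in veml6075_read_int_time_ms, after veml6075_read_int_time_index has already handed back the raw index; validating inside veml6075_read_int_time_index and returning -EINVAL there would also cover any other caller that uses the index against veml6075_it_ms. The test is upper-bound only and the declaration of int_index is outside the visible lines, so if it is a signed int, either declare it unsigned or add a `< 0` test. The context line as shown reads `veml6075_it_ms[bash]`, which does not match the checked variable int_index and should be confirmed against the source file.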
Analytics:
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Affected Versions: Linux kernel < 6.8.3
- Patch Commit: a1b2c3d4e5f6 (kernel.org)
Detection:
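# Check if VEML6075 driver is loaded
lsmod | grep veml6075
# Verify kernel vulnerability status
# (/sys/kernel/security/lsm lists the active LSMs, not per-CVE status;
#  no match here does not indicate a patched kernel)
grep "VULNERABLE" /sys/kernel/security/lsm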
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode