Description

In the Linux kernel, the following vulnerability has been resolved: iio: light: Add check for array bounds in veml6075_read_int_time_ms The array contains only 5 elements, but the index calculated by veml6075_read_int_time_index can range from 0 to 7, which could lead to out-of-bounds access. The check prevents this issue. Coverity Issue CID 1574309: (#1 of 1): Out-of-bounds read (OVERRUN) overrun-local: Overrunning array veml6075_it_ms of 5 4-byte elements at element index 7 (byte offset 31) using index int_index (which evaluates to 7) This is hardening against potentially broken hardware. Good to have but not necessary to backport.

INFO

Published Date :

2025-04-18T07:01:40.964Z

Last Modified :

2025-10-01T14:47:33.777Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-40114 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-40114.

URL Resource
https://git.kernel.org/stable/c/18a08b5632809faa671279b3cd27d5f96cc5a3f0 cve-icon cve-icon
https://git.kernel.org/stable/c/7a40b52d4442178bee0cf1c36bc450ab951cef0f cve-icon cve-icon
https://git.kernel.org/stable/c/9c40a68b7f97fa487e6c7e67fcf4f846a1f96692 cve-icon cve-icon
https://git.kernel.org/stable/c/ee735aa33db16c1fb5ebccbaf84ad38f5583f3cc cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025041822-CVE-2025-40114-000e@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-40114 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-40114 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact