Linux Kernel adv7842: OOB array access in adv7842_cp_log_status (CVE-2025-71136)
CVE-2025-71136 Published on January 14, 2026
media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status()
In the Linux kernel, the following vulnerability has been resolved:
media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status()
It's possible for cp_read() and hdmi_read() to return -EIO. Those
values are further used as indexes for accessing arrays.
Fix that by checking return values where it's needed.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Products Associated with CVE-2025-71136
stack.watch emails you whenever new vulnerabilities are published in Linux Kernel or Canonical Ubuntu Linux. Just hit a watch button to start following.
Affected Versions
Linux:- Version a89bcd4c6c2023615a89001b5a11b0bb77eb9491 and below f81ee181cb036d046340c213091b69d9a8701a76 is affected.
- Version a89bcd4c6c2023615a89001b5a11b0bb77eb9491 and below f913b9a2ccd6114b206b9e91dae5e3dc13a415a0 is affected.
- Version a89bcd4c6c2023615a89001b5a11b0bb77eb9491 and below d6a22a4a96e4dfe6897cb3532d2b3016d87706f0 is affected.
- Version a89bcd4c6c2023615a89001b5a11b0bb77eb9491 and below a73881ae085db5702d8b13e2fc9f78d51c723d3f is affected.
- Version a89bcd4c6c2023615a89001b5a11b0bb77eb9491 and below 60dde0960e3ead8a9569f6c494d90d0232ac0983 is affected.
- Version a89bcd4c6c2023615a89001b5a11b0bb77eb9491 and below b693d48a6ed0cd09171103ad418e4a693203d6e4 is affected.
- Version a89bcd4c6c2023615a89001b5a11b0bb77eb9491 and below 8163419e3e05d71dcfa8fb49c8fdf8d76908fe51 is affected.
- Version 3.12 is affected.
- Before 3.12 is unaffected.
- Version 5.10.248, <= 5.10.* is unaffected.
- Version 5.15.198, <= 5.15.* is unaffected.
- Version 6.1.160, <= 6.1.* is unaffected.
- Version 6.6.120, <= 6.6.* is unaffected.
- Version 6.12.64, <= 6.12.* is unaffected.
- Version 6.18.4, <= 6.18.* is unaffected.
- Version 6.19, <= * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.