CVE-2025-32776 (GCVE-0-2025-32776)
Vulnerability from cvelistv5 – Published: 2025-04-15 16:32 – Updated: 2025-11-03 19:53
VLAI?
Summary
OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. By writing specially crafted data to the `matrix_custom_frame` file, an attacker can cause the custom kernel driver to read more bytes than provided by user space. This data will be written into the RGB arguments which will be sent to the USB device. This issue has been patched in v3.10.2.
Severity ?
5.5 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32776",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T17:51:23.419369Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T17:51:38.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:53:39.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00032.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openrazer",
"vendor": "openrazer",
"versions": [
{
"status": "affected",
"version": "\u003c 3.10.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. By writing specially crafted data to the `matrix_custom_frame` file, an attacker can cause the custom kernel driver to read more bytes than provided by user space. This data will be written into the RGB arguments which will be sent to the USB device. This issue has been patched in v3.10.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T16:32:20.628Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/openrazer/openrazer/security/advisories/GHSA-835j-6976-46jx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openrazer/openrazer/security/advisories/GHSA-835j-6976-46jx"
},
{
"name": "https://github.com/openrazer/openrazer/issues/2433",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openrazer/openrazer/issues/2433"
},
{
"name": "https://github.com/openrazer/openrazer/commit/57610511d2548eda66999eaed5aa4517e89d6d39",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openrazer/openrazer/commit/57610511d2548eda66999eaed5aa4517e89d6d39"
},
{
"name": "https://github.com/openrazer/openrazer/commit/d869abd20995b4931795e1cde54d4ac84d9ca62f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openrazer/openrazer/commit/d869abd20995b4931795e1cde54d4ac84d9ca62f"
}
],
"source": {
"advisory": "GHSA-835j-6976-46jx",
"discovery": "UNKNOWN"
},
"title": "OpenRazer Vulnerable to Out of Bounds Read"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-32776",
"datePublished": "2025-04-15T16:32:20.628Z",
"dateReserved": "2025-04-10T12:51:12.278Z",
"dateUpdated": "2025-11-03T19:53:39.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-32776\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-04-15T17:15:49.730\",\"lastModified\":\"2025-11-03T20:18:28.297\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. By writing specially crafted data to the `matrix_custom_frame` file, an attacker can cause the custom kernel driver to read more bytes than provided by user space. This data will be written into the RGB arguments which will be sent to the USB device. This issue has been patched in v3.10.2.\"},{\"lang\":\"es\",\"value\":\"OpenRazer es un controlador de c\u00f3digo abierto y un daemon de espacio de usuario para controlar la iluminaci\u00f3n de dispositivos Razer y otras funciones en GNU/Linux. Al escribir datos especialmente manipulados en el archivo `matrix_custom_frame`, un atacante puede provocar que el controlador de kernel personalizado lea m\u00e1s bytes de los que proporciona el espacio de usuario. Estos datos se escribir\u00e1n en los argumentos RGB que se enviar\u00e1n al dispositivo USB. Este problema se ha corregido en la versi\u00f3n 3.10.2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"references\":[{\"url\":\"https://github.com/openrazer/openrazer/commit/57610511d2548eda66999eaed5aa4517e89d6d39\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/openrazer/openrazer/commit/d869abd20995b4931795e1cde54d4ac84d9ca62f\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/openrazer/openrazer/issues/2433\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/openrazer/openrazer/security/advisories/GHSA-835j-6976-46jx\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/04/msg00032.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/04/msg00032.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T19:53:39.183Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-32776\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-15T17:51:23.419369Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-15T17:51:29.278Z\"}}], \"cna\": {\"title\": \"OpenRazer Vulnerable to Out of Bounds Read\", \"source\": {\"advisory\": \"GHSA-835j-6976-46jx\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"openrazer\", \"product\": \"openrazer\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.10.2\"}]}], \"references\": [{\"url\": \"https://github.com/openrazer/openrazer/security/advisories/GHSA-835j-6976-46jx\", \"name\": \"https://github.com/openrazer/openrazer/security/advisories/GHSA-835j-6976-46jx\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/openrazer/openrazer/issues/2433\", \"name\": \"https://github.com/openrazer/openrazer/issues/2433\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/openrazer/openrazer/commit/57610511d2548eda66999eaed5aa4517e89d6d39\", \"name\": \"https://github.com/openrazer/openrazer/commit/57610511d2548eda66999eaed5aa4517e89d6d39\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/openrazer/openrazer/commit/d869abd20995b4931795e1cde54d4ac84d9ca62f\", \"name\": \"https://github.com/openrazer/openrazer/commit/d869abd20995b4931795e1cde54d4ac84d9ca62f\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. By writing specially crafted data to the `matrix_custom_frame` file, an attacker can cause the custom kernel driver to read more bytes than provided by user space. This data will be written into the RGB arguments which will be sent to the USB device. This issue has been patched in v3.10.2.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125: Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-04-15T16:32:20.628Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-32776\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T19:53:39.183Z\", \"dateReserved\": \"2025-04-10T12:51:12.278Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-04-15T16:32:20.628Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…