FKIE_CVE-2025-32776

Vulnerability from fkie_nvd - Published: 2025-04-15 17:15 - Updated: 2025-11-03 20:18
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. By writing specially crafted data to the `matrix_custom_frame` file, an attacker can cause the custom kernel driver to read more bytes than provided by user space. This data will be written into the RGB arguments which will be sent to the USB device. This issue has been patched in v3.10.2.
References
security-advisories@github.comhttps://github.com/openrazer/openrazer/commit/57610511d2548eda66999eaed5aa4517e89d6d39
security-advisories@github.comhttps://github.com/openrazer/openrazer/commit/d869abd20995b4931795e1cde54d4ac84d9ca62f
security-advisories@github.comhttps://github.com/openrazer/openrazer/issues/2433
security-advisories@github.comhttps://github.com/openrazer/openrazer/security/advisories/GHSA-835j-6976-46jx
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2025/04/msg00032.html
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. By writing specially crafted data to the `matrix_custom_frame` file, an attacker can cause the custom kernel driver to read more bytes than provided by user space. This data will be written into the RGB arguments which will be sent to the USB device. This issue has been patched in v3.10.2."
    },
    {
      "lang": "es",
      "value": "OpenRazer es un controlador de c\u00f3digo abierto y un daemon de espacio de usuario para controlar la iluminaci\u00f3n de dispositivos Razer y otras funciones en GNU/Linux. Al escribir datos especialmente manipulados en el archivo `matrix_custom_frame`, un atacante puede provocar que el controlador de kernel personalizado lea m\u00e1s bytes de los que proporciona el espacio de usuario. Estos datos se escribir\u00e1n en los argumentos RGB que se enviar\u00e1n al dispositivo USB. Este problema se ha corregido en la versi\u00f3n 3.10.2."
    }
  ],
  "id": "CVE-2025-32776",
  "lastModified": "2025-11-03T20:18:28.297",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-04-15T17:15:49.730",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/openrazer/openrazer/commit/57610511d2548eda66999eaed5aa4517e89d6d39"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/openrazer/openrazer/commit/d869abd20995b4931795e1cde54d4ac84d9ca62f"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/openrazer/openrazer/issues/2433"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/openrazer/openrazer/security/advisories/GHSA-835j-6976-46jx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00032.html"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.