Impact
The CVE description reports that when selecting high-resolution values in the qcom-lpg LED driver, a 3-bit register value is read with FIELD_GET and used to index a 5-element array. A 3-bit field can hold the values 0 through 7, while the array only has valid indices 0 through 4, so an overflow can occur and the driver may read beyond the bounds of the array, resulting in memory corruption or improper configuration of the LED hardware. The vulnerability is confined to the kernel driver, and the description reports no additional impact beyond memory corruption.
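The index mismatch described above can be modelled in user space. The following is an added example, not code from the driver or the advisory: the bit position of the field, the table values and all function names are hypothetical, and `field_get()` stands in for the kernel's FIELD_GET macro.

```c
#include <stdint.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
/* Hypothetical register layout: a 3-bit field in bits 6:4. */
#define RES_SHIFT 4
#define RES_MASK  (0x7u << RES_SHIFT)

/* User-space stand-in for the kernel's FIELD_GET(): mask, then shift down. */
static unsigned int field_get(uint8_t reg)
{
    return (reg & RES_MASK) >> RES_SHIFT;
}

/* Constructed 5-entry table; the values are placeholders, not the driver's. */
static const unsigned int res_table[5] = { 8, 9, 10, 11, 12 };

/* Unchecked pattern from the description: field values 5..7 index past the end. */
static unsigned int lookup_unchecked(uint8_t reg)
{
    return res_table[field_get(reg)];
}

/* Checked form: reject any field value the table cannot represent. */
static int lookup_checked(uint8_t reg, unsigned int *out)
{
    unsigned int idx = field_get(reg);
    if (idx >= ARRAY_SIZE(res_table))
        return -1;
    *out = res_table[idx];
    return 0;
}

/* Count how many encodable field values have no table entry. */
static unsigned int count_out_of_range(void)
{
    unsigned int n = 0, v, out;
    for (v = 0; v <= (RES_MASK >> RES_SHIFT); v++)
        if (lookup_checked((uint8_t)(v << RES_SHIFT), &out) != 0)
            n++;
    return n;
}

int main(void)
{
    printf("in-range lookup: %u; field values without a table entry: %u\n",
           lookup_unchecked(0x20), count_out_of_range());
    return 0;
}
```

The same comparison of the extracted field against the table size is what a reviewer would look for at every site where a hardware register value is used as an array index.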
Affected Systems
All Linux kernel builds that include the qcom-lpg LED driver are affected. No specific version ranges are given, so any kernel containing the unpatched source code is potentially vulnerable.
Risk and Exploitability
The EPSS score is reported as <1%, indicating a very low probability that exploitation will occur. The CVE is not listed in the CISA KEV catalog, and no public CVSS score is available. The likely attack vector is local: an attacker with access to the system would need to trigger the high‑resolution routine in the driver to exploit the array overflow, which could corrupt kernel memory. No explicit statement about privilege escalation or other secondary effects is provided in the advisory.
OpenCVE Enrichment