First published: Tue Apr 15 2025
OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. By writing specially crafted data to the `matrix_custom_frame` file, an attacker can cause the custom kernel driver to read more bytes than provided by user space. This data will be written into the RGB arguments which will be sent to the USB device. This issue has been patched in v3.10.2.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
OpenRazer | <3.10.2 | |
CVE-2025-32776 is classified as a high severity vulnerability because crafted input can cause the kernel driver to read more bytes than user space provided.
To mitigate CVE-2025-32776, users should update OpenRazer to version 3.10.2 or later, where the vulnerability has been addressed.
CVE-2025-32776 affects OpenRazer versions prior to 3.10.2 on GNU/Linux systems.
CVE-2025-32776 allows an attacker who writes specially crafted data to the `matrix_custom_frame` file to make the kernel driver read past the end of the data provided by user space.
The developers of OpenRazer are responsible for addressing CVE-2025-32776 by providing updates and security advisories.
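The class of check that prevents this kind of over-read, as an added example that is not OpenRazer's code or its patch: a store-style handler validates the length implied by the frame header against the number of bytes user space actually wrote before copying RGB data. The frame layout (row, first column, last column, then 3 bytes per column), `MAX_COLS`, and all function and variable names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical frame layout (assumed, not taken from OpenRazer):
 *   byte 0 = row, byte 1 = first column, byte 2 = last column,
 *   followed by one R,G,B triple per column in [first, last]. */
#define FRAME_HDR 3
#define MAX_COLS  22            /* constructed limit for this example */

struct rgb_args { uint8_t row, first, last; uint8_t rgb[MAX_COLS * 3]; };

/* Parse one frame from buf[0..count). Returns bytes consumed, or -1 when the
 * header describes more data than the caller supplied. */
long parse_frame(const uint8_t *buf, size_t count, struct rgb_args *out)
{
    if (count < FRAME_HDR)
        return -1;
    uint8_t first = buf[1], last = buf[2];
    if (first > last || last >= MAX_COLS)
        return -1;
    size_t need = (size_t)(last - first + 1) * 3;
    /* Without this check, the copy below reads past the end of the write. */
    if (count - FRAME_HDR < need)
        return -1;
    out->row = buf[0]; out->first = first; out->last = last;
    memcpy(out->rgb, buf + FRAME_HDR, need);
    return (long)(FRAME_HDR + need);
}

/* Parse every frame in a single write; reject the whole write on any bad frame. */
int parse_write(const uint8_t *buf, size_t count, struct rgb_args *frames, int max)
{
    size_t off = 0;
    int n = 0;
    while (off < count) {
        if (n == max)
            return -1;
        long used = parse_frame(buf + off, count - off, &frames[n]);
        if (used < 0)
            return -1;
        off += (size_t)used;
        n++;
    }
    return n;
}

/* Constructed sample writes. */
const uint8_t sample_ok[]    = {0, 0, 0, 1, 2, 3,  1, 0, 1, 4, 5, 6, 7, 8, 9};
const uint8_t sample_short[] = {0, 0, 5, 255, 0, 0}; /* claims 6 columns, sends 1 */
```

In a kernel handler the rejection path would return an error such as `-EINVAL` instead of sending a partially filled report to the device.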