QwikSec

Security Database

CVE

CWE

Training

CVE-2025-32776

Published: Apr 15, 2025

Modified: Nov 3, 2025

PUBLISHED

CVSS v3.1

5.5

MEDIUM

Description

OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. By writing specially crafted data to the `matrix_custom_frame` file, an attacker can cause the custom kernel driver to read more bytes than provided by user space. This data will be written into the RGB arguments which will be sent to the USB device. This issue has been patched in v3.10.2.

Vendor	Product	Versions
openrazer	openrazer	affected `< 3.10.2`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

References

https://github.com/openrazer/openrazer/security/advisories/GHSA-835j-6976-46jx

x_refsource_CONFIRM

https://github.com/openrazer/openrazer/issues/2433

x_refsource_MISC

https://github.com/openrazer/openrazer/commit/57610511d2548eda66999eaed5aa4517e89d6d39

x_refsource_MISC

https://github.com/openrazer/openrazer/commit/d869abd20995b4931795e1cde54d4ac84d9ca62f

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.