Use-After-Free Vulnerability in Linux Kernel Media Drivers by Google
CVE-2025-38227

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 4 July 2025

What is CVE-2025-38227?

This vulnerability exists in the vidtv subsystem of the Linux kernel's media drivers, where improper memory handling can lead to a use-after-free. Specifically, when initialization of the PSI (Program Specific Information) fails, the code erroneously goes on to access the 'si' structure, which corrupts the kernel's assumptions about that memory and can have severe consequences. The issue manifests during the initialization sequence of the vidtv_mux_init function and can cause a read access violation. Proper memory cleanup must be performed on this failure path to prevent the condition from being exploited.

Affected Version(s)

Linux 3be8037960bccd13052cfdeba8805ad785041d70

Linux 3be8037960bccd13052cfdeba8805ad785041d70 < 7e62be1f3b241bc9faee547864bb39332955509b

Linux 3be8037960bccd13052cfdeba8805ad785041d70 < 685c18bc5a36f823ee725e85aac1303ef5f535ba
