Linux Kernel Vulnerability in Media Venus Driver Affecting CH340/CH341
CVE-2025-39709

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 5 September 2025

What is CVE-2025-39709?

A vulnerability exists in the Linux kernel's media venus driver that can lead to a situation where spurious interrupts trigger before the interrupt handler is properly initialized. This occurs specifically during system boot, particularly observed on Rb3Gen2 systems. When the IRQ is registered before the complete setup of the handler via hfi_create(), it may result in a NULL dereference. This flaw underscores the importance of ensuring all components are fully initialized prior to enabling interrupt handling to prevent potential crashes or system instability.

Affected Version(s)

Linux af2c3834c8ca7cc65d15592ac671933df8848115 < 18c2b2bd982b8546312c9a7895515672169f28e0

Linux af2c3834c8ca7cc65d15592ac671933df8848115 < 88cf63c2599761c48dec8f618d57dccf8f6f4b53

Linux af2c3834c8ca7cc65d15592ac671933df8848115 < 9db6a78bc5e418e0064e2248c8f3b9b9e8418646

References

https://git.kernel.org/stable/c/18c2b2bd982b8546312c9a789...

https://git.kernel.org/stable/c/88cf63c2599761c48dec8f618...

https://git.kernel.org/stable/c/9db6a78bc5e418e0064e2248c...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2025
Vulnerability Reserved
Apr 16, 2025