Buffer Overflow Vulnerability in Linux Kernel Affecting USBTV Streaming
CVE-2025-39714

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 5 September 2025

What is CVE-2025-39714?

A vulnerability in the Linux kernel's USBTV driver allows a buffer overflow while video is streaming. When one program, such as ffplay, is streaming and another program, such as qv4l2, changes the TV standard from NTSC to PAL, the kernel crashes on an attempt to access unmapped memory. This happens because the resolution stored in the usbtv structure increases with the change of TV standard, but the video plane buffer is not adjusted accordingly, leading to an overflow. The flaw causes system instability that can disrupt streaming services.
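The size mismatch described above, as a simplified user-space model added here; it is not the kernel driver's code or the upstream patch. The struct, the function names, the 720x480 and 720x576 frame sizes, the 2-bytes-per-pixel format and the "refuse while streaming" guard are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of a capture device; names are not the driver's. */
enum norm { NORM_NTSC, NORM_PAL };
struct capture {
    int width, height;   /* current resolution, follows the TV standard */
    size_t plane_size;   /* plane buffer size, fixed when streaming starts */
    int streaming;
};

/* Bytes one full frame needs (assumed packed 16-bit pixels). */
static size_t frame_bytes(const struct capture *c)
{
    return (size_t)c->width * (size_t)c->height * 2;
}

/* guard == 0 models the flaw: resolution changes under a live stream.
 * guard != 0 models one possible mitigation: refuse with -EBUSY. */
int set_norm(struct capture *c, enum norm n, int guard)
{
    if (guard && c->streaming)
        return -EBUSY;
    c->width = 720;                          /* assumed frame sizes */
    c->height = (n == NORM_PAL) ? 576 : 480;
    return 0;
}

/* Buffers are sized once, from the resolution in force at that moment. */
void start_streaming(struct capture *c)
{
    c->plane_size = frame_bytes(c);
    c->streaming = 1;
}

/* Bytes a full frame would write past the end of the plane buffer. */
size_t overrun_bytes(const struct capture *c)
{
    size_t need = frame_bytes(c);
    return need > c->plane_size ? need - c->plane_size : 0;
}

int main(void)
{
    struct capture c = {0};
    set_norm(&c, NORM_NTSC, 1);
    start_streaming(&c);
    int rc = set_norm(&c, NORM_PAL, 1);      /* guarded: rejected */
    printf("guarded: rc=%d overrun=%zu\n", rc, overrun_bytes(&c));
    set_norm(&c, NORM_PAL, 0);               /* unguarded: size mismatch */
    printf("unguarded: overrun=%zu\n", overrun_bytes(&c));
    return 0;
}
```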

Affected Version(s)

Linux 0e0fe3958fdd13dbf55c3a787acafde6efd04272

Linux 0e0fe3958fdd13dbf55c3a787acafde6efd04272 < 5427dda195d6baf23028196fd55a0c90f66ffa61
