Video Interface Vulnerability in Linux Kernel Affecting UVC Devices
CVE-2025-40016
What is CVE-2025-40016?
A vulnerability exists in the Linux kernel's handling of UVC (USB Video Class) devices. The issue arises when invalid entities are assigned a non-unique or zero ID, contrary to the UVC 1.1+ specification, which requires every entity ID to be non-zero and unique. This flaw may lead to unexpected behavior during the creation of media pad links, resulting in warnings or errors when devices are improperly configured. It disrupts normal operation, particularly with non-compliant cameras, and exposes problems with entity initialization and with keeping entity relationships valid within the video processing chain.
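To find out whether an attached camera is one of the non-compliant devices described above, the entity IDs in its VideoControl descriptors can be checked for zero or repeated values. The following is an added example, not code from this advisory or from the kernel; the sample text is constructed and assumes the `bTerminalID` / `bUnitID` field layout printed by `lsusb -v`.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `lsusb -v` VideoControl descriptors.
SAMPLE = """\
      VideoControl Interface Descriptor:
        bDescriptorSubtype      2 (INPUT_TERMINAL)
        bTerminalID             1
      VideoControl Interface Descriptor:
        bDescriptorSubtype      5 (PROCESSING_UNIT)
        bUnitID                 2
      VideoControl Interface Descriptor:
        bDescriptorSubtype      6 (EXTENSION_UNIT)
        bUnitID                 2
      VideoControl Interface Descriptor:
        bDescriptorSubtype      3 (OUTPUT_TERMINAL)
        bTerminalID             0
"""

SUBTYPE = re.compile(r"bDescriptorSubtype\s+\d+\s+\((\w+)\)")
ENTITY_ID = re.compile(r"\b(?:bTerminalID|bUnitID)\s+(\d+)")

def parse_entities(text):
    """Return [(subtype, id)] for every terminal/unit descriptor."""
    entities, subtype = [], None
    for line in text.splitlines():
        if m := SUBTYPE.search(line):
            subtype = m.group(1)
        elif (m := ENTITY_ID.search(line)) and subtype:
            entities.append((subtype, int(m.group(1))))
            subtype = None  # one ID per descriptor
    return entities

def find_violations(entities):
    """Flag IDs that are zero or shared by more than one entity."""
    by_id = defaultdict(list)
    for subtype, eid in entities:
        by_id[eid].append(subtype)
    problems = []
    for eid, owners in sorted(by_id.items()):
        if eid == 0:
            problems.append(("zero-id", eid, owners))
        if len(owners) > 1:
            problems.append(("duplicate-id", eid, owners))
    return problems

if __name__ == "__main__":
    for kind, eid, owners in find_violations(parse_entities(SAMPLE)):
        print(f"{kind}: id={eid} entities={', '.join(owners)}")
```

On a live system, replace `SAMPLE` with the captured output of `lsusb -v` for the camera in question.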
Affected Version(s)
Linux a3fbc2e6bb05a3b1ea341cd29dea09b4a033727b
Linux a3fbc2e6bb05a3b1ea341cd29dea09b4a033727b < 000b2a6bed7f30e0aadfb19bce9af6458d879304
Linux a3fbc2e6bb05a3b1ea341cd29dea09b4a033727b < 15c0e136bd8cd70a1136a11c7876d6aae0eef8c8