Memory Leak in Linux Kernel's Iris Media Component
CVE-2025-40017

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 20 October 2025

What is CVE-2025-40017?

A memory leak vulnerability exists in the Linux kernel's Iris media component due to an internal buffer not being freed during session closure. This untracked buffer, allocated each session, does not release memory, leading to potential system resource exhaustion. To remedy this, logic has been introduced to ensure that the internal buffer is explicitly freed at the end of each session, thus allowing for proper memory management and optimization within the Linux environment.

Affected Version(s)

Linux 73702f45db81b74897b2808aaa13484826156006

Linux 73702f45db81b74897b2808aaa13484826156006 < 02a24f13b3a1d9da9f3de56aa5fdb7cc1fe167a2

References

https://git.kernel.org/stable/c/c9e024e907cafafd6b094f69a...

https://git.kernel.org/stable/c/ec2f87ad035e8d1ad67567542...

https://git.kernel.org/stable/c/02a24f13b3a1d9da9f3de56aa...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 20, 2025
Vulnerability Reserved
Apr 16, 2025

JSON