Linux Kernel Streaming Cleanup Issue in NXP i.MX95

CVE-2025-40165

What is CVE-2025-40165?

A vulnerability exists in the Linux kernel related to the NXP i.MX95, specifically within the media driver for the imx8-isi component. The issue arises when the streamon and streamoff calls are not balanced, such as during abrupt application exits (e.g., using Ctrl+C). If the input line width exceeds 2K, a warning is triggered, and the m2m usage count may not reset to zero. Consequently, the ISI channel remains allocated, leading to potential resource leaks. The vulnerability has been addressed by restructuring the streaming preparation and cleanup processes and leveraging existing helper functions, which simplifies the driver while ensuring proper resource handling.

References