Linux Kernel Vulnerability in Media Subsystem Affects Device Management
CVE-2025-40197

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 12 November 2025

What is CVE-2025-40197?

A vulnerability in the Linux kernel's media subsystem involves improper handling of device minor numbers. Specifically, the device minor should not be cleared after the device is released, which could lead to undefined behaviors in device management, potential data leaks, or other security issues. The flaw highlights the importance of correct resource handling in system-level components to maintain product integrity and security.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 64dbc6f50ce92b7da203b1bcdd96a370bbc9b74d

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5d327391f9fafeb0938be4fc538dd0bd54a0b2ef

References

https://git.kernel.org/stable/c/dd156f44ea82cc249f46c519e...

https://git.kernel.org/stable/c/64dbc6f50ce92b7da203b1bcd...

https://git.kernel.org/stable/c/5d327391f9fafeb0938be4fc5...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2025
Vulnerability Reserved
Apr 16, 2025

JSON