Linux Kernel Vulnerability in V4L2 Sub-device Error Handling
CVE-2025-40207

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 12 November 2025

What is CVE-2025-40207?

A vulnerability exists in the Linux kernel's media subsystem, in the v4l2_subdev_call_state_try() macro. The macro allocates a sub-device state with __v4l2_subdev_state_alloc() but does not adequately check the result for errors. When the allocation fails, it returns an ERR_PTR, and v4l2_subdev_call_state_try() can then crash. The issue has been addressed with improved error handling so that allocation failures are properly managed, preventing potential system instability.
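The ERR_PTR convention behind this bug, as an added userspace example (not the kernel's code or the upstream patch): an allocator that reports failure with ERR_PTR must be tested with IS_ERR(), because the error pointer is non-NULL. The names demo_state, demo_state_alloc and demo_call_state_try are hypothetical stand-ins, and the ERR_PTR helpers are re-implemented here to mirror include/linux/err.h.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Userspace model of the kernel's ERR_PTR convention (include/linux/err.h):
 * errno values -1..-4095 are encoded as addresses in the top page. */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long err) { return (void *)(intptr_t)err; }
static inline long PTR_ERR(const void *p) { return (long)(intptr_t)p; }
static inline int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

/* Hypothetical stand-in for a sub-device state; not the kernel struct. */
struct demo_state { int pad_count; };

/* Hypothetical allocator: like __v4l2_subdev_state_alloc() as described
 * above, it reports failure with ERR_PTR, never with NULL. */
static struct demo_state *demo_state_alloc(int simulate_failure)
{
    struct demo_state *st;
    if (simulate_failure)
        return ERR_PTR(-ENOMEM);
    st = calloc(1, sizeof(*st));
    if (!st)
        return ERR_PTR(-ENOMEM);
    st->pad_count = 2;
    return st;
}

/* A NULL test does not catch the failure: ERR_PTR(-ENOMEM) is non-NULL. */
static int null_check_catches_failure(void)
{
    struct demo_state *st = demo_state_alloc(1);
    return st == NULL; /* 0: the error pointer would be treated as valid */
}

/* Checked caller: test with IS_ERR() and propagate the errno instead of
 * dereferencing the error pointer. */
static int demo_call_state_try(int simulate_failure)
{
    struct demo_state *st = demo_state_alloc(simulate_failure);
    int ret;
    if (IS_ERR(st))
        return (int)PTR_ERR(st);
    ret = st->pad_count;
    free(st);
    return ret;
}

int main(void) { return demo_call_state_try(1) == -ENOMEM ? 0 : 1; }
```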

Affected Version(s)

Linux 982c0487185bd466059ff618f398a8d074ddb654 < 5b0057459cdc243ffb35617603142dcace09c711

Linux 982c0487185bd466059ff618f398a8d074ddb654

Linux 982c0487185bd466059ff618f398a8d074ddb654 < 94e6336dc1f06a06f5b4cd04d4a012bba34f2857

Timeline

  • Vulnerability published

  • Vulnerability Reserved
