Linux Kernel Module Vulnerability in QCOM IRIS Video Codec by Qualcomm
CVE-2025-40208

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 12 November 2025

What is CVE-2025-40208?

The Linux Kernel contains a vulnerability impacting the QCOM IRIS video codec where a failure during firmware download can lead to improper module removal. This situation may trigger runtime power management (PM) usage count underflows, potentially causing instability in video processing. The bug manifests when the module attempts to unbind and clean up resources if the firmware fails to load, causing critical operations to be skipped, which can affect overall system performance and reliability.

Affected Version(s)

Linux d7378f84e94e14998b3469dcc0d8ce609d049ccc < 7a0a77b936ff28f59c271172e81cefebf7b2b7a6

Linux d7378f84e94e14998b3469dcc0d8ce609d049ccc

Linux 6.15

References

https://git.kernel.org/stable/c/7a0a77b936ff28f59c271172e...

https://git.kernel.org/stable/c/fde38008fc4f43db8c1786949...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2025
Vulnerability Reserved
Apr 16, 2025

JSON