Buffer Manipulation Vulnerability in Linux Kernel Affecting Media Components
CVE-2025-40302
What is CVE-2025-40302?
A vulnerability in the Linux kernel affects the media subsystem, specifically the videobuf2 component. The vb2_ioctl_remove_bufs() call can manipulate the queue's internal buffer list, and in doing so can potentially overwrite pointers that the legacy fileio access mode relies on. To protect the integrity of the queue state between subsequent read and write operations, this ioctl is forbidden while fileio is active. Enforcing this restriction is what preserves the integrity of the kernel's media operations.
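The restriction described above can be pictured with a small userspace model. This is an added example, not the kernel's code or the upstream patch: every `toy_*` name, the pointer layout and the choice of `-EBUSY` are assumptions made for illustration.

```c
/* Simplified userspace model (constructed); not kernel code. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#define TOY_MAX_BUFS 4
struct toy_buf { int id; };
struct toy_queue {
    struct toy_buf *bufs[TOY_MAX_BUFS]; /* internal buffer list */
    struct toy_buf *fileio_cur;         /* pointer held by read()/write() emulation */
    bool fileio_active;                 /* legacy fileio mode in use */
};
static struct toy_buf toy_pool[TOY_MAX_BUFS] = { {0}, {1}, {2}, {3} };

/* Fill the list; optionally start fileio on buffer 0. */
void toy_init(struct toy_queue *q, bool fileio)
{
    for (size_t i = 0; i < TOY_MAX_BUFS; i++)
        q->bufs[i] = &toy_pool[i];
    q->fileio_active = fileio;
    q->fileio_cur = fileio ? q->bufs[0] : NULL;
}

/* True if fileio is inactive or its pointer is still in the list. */
bool toy_fileio_consistent(const struct toy_queue *q)
{
    for (size_t i = 0; i < TOY_MAX_BUFS; i++)
        if (q->bufs[i] && q->bufs[i] == q->fileio_cur)
            return true;
    return !q->fileio_active;
}

/* Remove [start, start + count); `guarded` applies the restriction. */
int toy_remove_bufs(struct toy_queue *q, size_t start, size_t count, bool guarded)
{
    if (guarded && q->fileio_active)
        return -EBUSY; /* model's choice of error: refuse while fileio is active */
    if (start > TOY_MAX_BUFS || count > TOY_MAX_BUFS - start)
        return -EINVAL;
    for (size_t i = start; i < start + count; i++)
        q->bufs[i] = NULL;
    return 0;
}

int main(void)
{
    struct toy_queue q;
    toy_init(&q, true);
    return toy_remove_bufs(&q, 0, 2, true) == -EBUSY ? 0 : 1;
}
```

With `guarded` set, the removal is refused and the fileio pointer stays valid; with it cleared, the same call leaves `toy_fileio_consistent()` returning false, which is the inconsistent state the restriction exists to prevent.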
Affected Version(s)
Linux a3293a85381ec9680aa2929547fbc76c5d87a1b2
Linux a3293a85381ec9680aa2929547fbc76c5d87a1b2 < 27afd6e066cfd80ddbe22a4a11b99174ac89cced