Linux Kernel Vulnerability in MediaTek VCodec Context List Protection
CVE-2025-71140
What is CVE-2025-71140?
A vulnerability has been identified in the Linux kernel's MediaTek VCodec module, where the context lists for encoder and decoder operations are not adequately protected. The initial implementation utilized a mutex to secure these lists, which proved inadequate due to changes from the SCP IP block leading to potential NULL pointer dereferences in the IPI handler. The issue manifests particularly on the MT8173 chipset when the VPU IPI handler is invoked from a hard IRQ context, triggering scheduler warnings. The problem was observed in ChromeOS kernels and is also reproducible on the mainline version using Fluster in conjunction with FFmpeg v4l2m2m decoders. The update replaces the mutex with a spinlock, ensuring faster operations on the context list while enhancing stability.
Affected Version(s)
Linux 0a2dc707aa42214f9c4827bd57e344e29a0841d6 < 2c1ea6214827041f548279c9eda341eda0cc8351
Linux 6467cda18c9f9b5f2f9a0aa1e2861c653e41f382
Linux 6467cda18c9f9b5f2f9a0aa1e2861c653e41f382 < 3e858938b0e659f6ec9ddcf853a87f1c5c3f44e1