CVE-2025-40302

EPSS 0.02%
Veröffentlicht 08.12.2025 00:46:26
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

media: videobuf2: forbid remove_bufs when legacy fileio is active

In the Linux kernel, the following vulnerability has been resolved:

media: videobuf2: forbid remove_bufs when legacy fileio is active

vb2_ioctl_remove_bufs() call manipulates queue internal buffer list,
potentially overwriting some pointers used by the legacy fileio access
mode. Forbid that ioctl when fileio is active to protect internal queue
state between subsequent read/write calls.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

CNA 2 VulnDex Vulnerability Enrichment 5

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version a3293a85381ec9680aa2929547fbc76c5d87a1b2

Version < a6a493b985bfffac097a4e1be09f98b27729dca8

Status affected

Version a3293a85381ec9680aa2929547fbc76c5d87a1b2

Version < e819b34df0a7030a15c968d619fa8a3ed2455c7a

Status affected

Version a3293a85381ec9680aa2929547fbc76c5d87a1b2

Version < 27afd6e066cfd80ddbe22a4a11b99174ac89cced

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.10

Status affected

Version 0

Version < 6.10

Status unaffected

Version <= 6.12.*

Version 6.12.58

Status unaffected

Version <= 6.17.*

Version 6.17.8

Status unaffected

Version <= *

Version 6.18

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.056

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/a6a493b985bfffac097a4e1be09f98b27729dca8

https://git.kernel.org/stable/c/e819b34df0a7030a15c968d619fa8a3ed2455c7a

https://git.kernel.org/stable/c/27afd6e066cfd80ddbe22a4a11b99174ac89cced

https://nvd.nist.gov/vuln/detail/CVE-2025-40302

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40302

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40302

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-40302