CVE-2025-39712
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-05

Last updated on: 2025-11-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval Getting / Setting the frame interval using the V4L2 subdev pad ops get_frame_interval/set_frame_interval causes a deadlock, as the subdev state is locked in the [1] but also in the driver itself. In [2] it's described that the caller is responsible to acquire and release the lock in this case. Therefore, acquiring the lock in the driver is wrong. Remove the lock acquisitions/releases from mt9m114_ifp_get_frame_interval() and mt9m114_ifp_set_frame_interval(). [1] drivers/media/v4l2-core/v4l2-subdev.c - line 1129 [2] Documentation/driver-api/media/v4l2-subdev.rst
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-05
Last Modified
2025-11-25
Generated
2026-06-16
AI Q&A
2025-09-05
EPSS Evaluated
2026-06-14
NVD
CVE-2025-39712
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a deadlock issue in the Linux kernel's media driver for the mt9m114 device. Specifically, when getting or setting the frame interval using V4L2 sub-device pad operations (get_frame_interval/set_frame_interval), the sub-device state lock is acquired both in the core and again in the driver, causing a deadlock. The correct approach is that the caller should manage the locking, so the driver should not acquire the lock again. The fix removes the redundant lock acquisitions/releases in the driver functions.

Impact Analysis

This vulnerability can cause the system to hang or become unresponsive when accessing the frame interval settings of the mt9m114 media device due to a deadlock. This can disrupt media processing or video capture functionality relying on this driver, potentially affecting system stability and availability.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version where the mt9m114 driver has removed the incorrect lock acquisitions/releases in the get_frame_interval and set_frame_interval functions. This fix prevents the deadlock by ensuring the caller manages the locking as intended.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-39712. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart