CVE-2025-39714
BaseFortify

Publication date: 2025-09-05

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

media: usbtv: Lock resolution while streaming

When a program is streaming (ffplay) and another program (qv4l2) changes the TV standard from NTSC to PAL, the kernel crashes due to trying to copy to unmapped memory.

Changing from NTSC to PAL increases the resolution in the usbtv struct, but the video plane buffer isn't adjusted, so it overflows.

[hverkuil: call vb2_is_busy instead of vb2_is_streaming]

Meta Information
Published: 2025-09-05
Last Modified: 2025-11-03
Generated: 2026-06-16
AI Q&A: 2025-09-05
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux kernel 5.10.244-1
linux kernel 6.1.153-1
CWE ID: CWE-UNKNOWN
Executive Summary

This vulnerability occurs in the Linux kernel's usbtv media driver. When one program is streaming video (using ffplay) and another program (qv4l2) changes the TV standard from NTSC to PAL, the kernel crashes. This happens because changing from NTSC to PAL increases the resolution stored in the usbtv structure, but the video plane buffer size is not adjusted accordingly, leading to a buffer overflow and attempts to copy to unmapped memory.

Impact Analysis

The vulnerability can cause the Linux kernel to crash when switching TV standards during streaming, leading to system instability or denial of service. This could disrupt video streaming applications and potentially affect system availability.
