CVE-2025-40017
Awaiting Analysis Awaiting Analysis - Queue

BaseFortify

Vulnerability report for CVE-2025-40017, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-20

Last updated on: 2025-10-21

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix memory leak by freeing untracked persist buffer One internal buffer which is allocated only once per session was not being freed during session close because it was not being tracked as part of internal buffer list which resulted in a memory leak. Add the necessary logic to explicitly free the untracked internal buffer during session close to ensure all allocated memory is released properly.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-20
Last Modified
2025-10-21
Generated
2026-07-06
AI Q&A
2025-10-20
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a memory leak in the Linux kernel's media iris component. An internal buffer allocated once per session was not freed when the session closed because it was not tracked properly. This caused memory to be consumed unnecessarily until the system was restarted or the process ended. The fix involves adding logic to free this untracked buffer during session close to prevent the memory leak.

Impact Analysis

The memory leak can lead to increased memory usage over time, potentially causing system performance degradation or instability. If the system runs many sessions without rebooting, the unfreed memory could accumulate, possibly leading to resource exhaustion or crashes.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to the version where the fix for the iris media memory leak has been applied. This ensures that the untracked internal buffer is properly freed during session close, preventing memory leaks.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40017. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart