CVE-2025-40017
Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-10-20

Last updated on: 2025-10-21

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

media: iris: Fix memory leak by freeing untracked persist buffer

One internal buffer which is allocated only once per session was not being freed during session close because it was not being tracked as part of internal buffer list which resulted in a memory leak.

Add the necessary logic to explicitly free the untracked internal buffer during session close to ensure all allocated memory is released properly.
Meta Information
Published: 2025-10-20
Last Modified: 2025-10-21
Generated: 2026-06-16
AI Q&A: 2025-10-20
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Currently, no data is known.
CWE ID Description
CWE-UNKNOWN
Executive Summary

This vulnerability is a memory leak in the Linux kernel's media iris component. An internal buffer allocated once per session was not freed when the session closed because it was not tracked properly. This caused memory to be consumed unnecessarily until the system was restarted or the process ended. The fix involves adding logic to free this untracked buffer during session close to prevent the memory leak.

Impact Analysis

The memory leak can lead to increased memory usage over time, potentially causing system performance degradation or instability. If the system runs many sessions without rebooting, the unfreed memory could accumulate, possibly leading to resource exhaustion or crashes.
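
The leak pattern described above and its fix, as a user-space C model added here for illustration; it is not code from the iris driver or from the kernel patch, and every name in it (`session`, `persist`, `leaked_after`, the 4096-byte size) is a hypothetical stand-in.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical user-space model; no name here comes from the iris driver. */
static int live_bufs;                 /* buffers allocated and not yet freed */
struct buf { struct buf *next; void *mem; };
struct session {
    struct buf *tracked;              /* internal buffer list walked at close */
    struct buf *persist;              /* allocated once per session, not listed */
};

static struct buf *buf_alloc(size_t n)
{
    struct buf *b = calloc(1, sizeof(*b));
    if (b && !(b->mem = malloc(n))) { free(b); b = NULL; }
    if (b) live_bufs++;
    return b;
}

static void buf_free(struct buf *b)
{
    if (!b) return;
    free(b->mem); free(b);
    live_bufs--;
}

/* fixed == 0 models the leak: only the tracked list is released. */
static void session_close(struct session *s, int fixed)
{
    while (s->tracked) {
        struct buf *next = s->tracked->next;
        buf_free(s->tracked);
        s->tracked = next;
    }
    if (fixed)
        buf_free(s->persist);         /* explicit free of the untracked buffer */
    s->persist = NULL;                /* without the free above, the buffer is lost */
}

/* Buffers still allocated after n open/close cycles. */
int leaked_after(int n, int fixed)
{
    struct session s;
    live_bufs = 0;
    for (int i = 0; i < n; i++) {
        s.tracked = buf_alloc(4096); s.persist = buf_alloc(4096); /* session open */
        session_close(&s, fixed);
    }
    return live_bufs;
}
int main(void) { printf("leak: %d, fixed: %d\n", leaked_after(100, 0), leaked_after(100, 1)); return 0; }
```

The unfixed close path loses exactly one buffer per session, so the count grows linearly with the number of sessions opened and closed.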

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to the version where the fix for the iris media memory leak has been applied. This ensures that the untracked internal buffer is properly freed during session close, preventing memory leaks.
