CVE-2025-40302
BaseFortify
Publication date: 2025-12-08
Last updated on: 2025-12-08
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's media subsystem, specifically in the videobuf2 component. The function vb2_ioctl_remove_bufs() manipulates the internal buffer list of a queue, which can overwrite pointers used by the legacy fileio access mode. The vulnerability arises because this ioctl call is allowed even when legacy fileio is active, potentially corrupting the internal queue state between read/write operations. The fix forbids this ioctl call when legacy fileio is active to prevent such corruption.
How can this vulnerability impact me? :
This vulnerability can lead to corruption of the internal buffer queue state in the Linux kernel's media subsystem when legacy fileio mode is active. Such corruption could cause unexpected behavior, crashes, or data integrity issues during media buffer operations, potentially affecting system stability or media processing reliability.