CVE-2025-68812
BaseFortify
Publication date: 2026-01-13
Last updated on: 2026-04-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux_kernel | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's iris media driver. It occurs because there is no sanity check in the iris_vb2_stop_streaming function to verify if the instance state is already IRIS_INST_ERROR. If the state is IRIS_INST_ERROR, the stop streaming operation should be skipped to avoid sending packets to the firmware. Without this check, calling stop_streaming after the session has been killed (which sets the state to IRIS_INST_ERROR and frees certain memory) can cause a crash.
How can this vulnerability impact me? :
This vulnerability can cause a crash in the Linux kernel when stop_streaming is called after the session has been killed and the instance state is set to IRIS_INST_ERROR. This could lead to system instability or denial of service due to the kernel crash.