CVE-2025-22028
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/04/2025
Last modified:
28/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
media: vimc: skip .s_stream() for stopped entities<br />
<br />
Syzbot reported [1] a warning prompted by a check in call_s_stream()<br />
that checks whether .s_stream() operation is warranted for unstarted<br />
or stopped subdevs.<br />
<br />
Add a simple fix in vimc_streamer_pipeline_terminate() ensuring that<br />
entities skip a call to .s_stream() unless they have been previously<br />
properly started.<br />
<br />
[1] Syzbot report:<br />
------------[ cut here ]------------<br />
WARNING: CPU: 0 PID: 5933 at drivers/media/v4l2-core/v4l2-subdev.c:460 call_s_stream+0x2df/0x350 drivers/media/v4l2-core/v4l2-subdev.c:460<br />
Modules linked in:<br />
CPU: 0 UID: 0 PID: 5933 Comm: syz-executor330 Not tainted 6.13.0-rc2-syzkaller-00362-g2d8308bf5b67 #0<br />
...<br />
Call Trace:<br />
<br />
vimc_streamer_pipeline_terminate+0x218/0x320 drivers/media/test-drivers/vimc/vimc-streamer.c:62<br />
vimc_streamer_pipeline_init drivers/media/test-drivers/vimc/vimc-streamer.c:101 [inline]<br />
vimc_streamer_s_stream+0x650/0x9a0 drivers/media/test-drivers/vimc/vimc-streamer.c:203<br />
vimc_capture_start_streaming+0xa1/0x130 drivers/media/test-drivers/vimc/vimc-capture.c:256<br />
vb2_start_streaming+0x15f/0x5a0 drivers/media/common/videobuf2/videobuf2-core.c:1789<br />
vb2_core_streamon+0x2a7/0x450 drivers/media/common/videobuf2/videobuf2-core.c:2348<br />
vb2_streamon drivers/media/common/videobuf2/videobuf2-v4l2.c:875 [inline]<br />
vb2_ioctl_streamon+0xf4/0x170 drivers/media/common/videobuf2/videobuf2-v4l2.c:1118<br />
__video_do_ioctl+0xaf0/0xf00 drivers/media/v4l2-core/v4l2-ioctl.c:3122<br />
video_usercopy+0x4d2/0x1620 drivers/media/v4l2-core/v4l2-ioctl.c:3463<br />
v4l2_ioctl+0x1ba/0x250 drivers/media/v4l2-core/v4l2-dev.c:366<br />
vfs_ioctl fs/ioctl.c:51 [inline]<br />
__do_sys_ioctl fs/ioctl.c:906 [inline]<br />
__se_sys_ioctl fs/ioctl.c:892 [inline]<br />
__x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892<br />
do_syscall_x64 arch/x86/entry/common.c:52 [inline]<br />
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83<br />
entry_SYSCALL_64_after_hwframe+0x77/0x7f<br />
RIP: 0033:0x7f2b85c01b19<br />
...
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.14.108 (including) | 4.15 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.19.31 (including) | 4.20 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.0.4 (including) | 6.6.89 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.23 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.13.11 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.14 (including) | 6.14.2 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/36cef585e2a31e4ddf33a004b0584a7a572246de
- https://git.kernel.org/stable/c/6f6064dab4dcfb7e34a395040a0c9dc22cc8765d
- https://git.kernel.org/stable/c/7a58d4c4cf8ff60ab1f93399deefaf6057da91c7
- https://git.kernel.org/stable/c/845e9286ff99ee88cfdeb2b748f730003a512190
- https://git.kernel.org/stable/c/a505075730d23ccc19fc4ac382a0ed73b630c057