CVE-2025-23160
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/05/2025
Last modified:
06/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization<br />
<br />
On Mediatek devices with a system companion processor (SCP) the mtk_scp<br />
structure has to be removed explicitly to avoid a resource leak.<br />
Free the structure in case the allocation of the firmware structure fails<br />
during the firmware initialization.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.1.130 (including) | 6.1.153 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.6.36 (including) | 6.6.88 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.9.7 (including) | 6.12.24 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.13.12 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.14 (including) | 6.14.3 (excluding) |
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/4936cd5817af35d23e4d283f48fa59a18ef481e4
- https://git.kernel.org/stable/c/69dd5bbdd79c65445bb17c3c53510783bc1d756c
- https://git.kernel.org/stable/c/9f009fa823c54ca0857c81f7525ea5a5d32de29c
- https://git.kernel.org/stable/c/ac94e1db4b2053059779472eb58a64d504964240
- https://git.kernel.org/stable/c/d6cb086aa52bd51378a4c9e2b25d2def97770205
- https://git.kernel.org/stable/c/fd7bb97ede487b9f075707b7408a9073e0d474b1
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html