CVE-2025-39714
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
05/09/2025
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
media: usbtv: Lock resolution while streaming<br />
<br />
When an program is streaming (ffplay) and another program (qv4l2)<br />
changes the TV standard from NTSC to PAL, the kernel crashes due to trying<br />
to copy to unmapped memory.<br />
<br />
Changing from NTSC to PAL increases the resolution in the usbtv struct,<br />
but the video plane buffer isn&#39;t adjusted, so it overflows.<br />
<br />
[hverkuil: call vb2_is_busy instead of vb2_is_streaming]
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/3d83d0b5ae5045a7a246ed116b5f6c688a12f9e9
- https://git.kernel.org/stable/c/5427dda195d6baf23028196fd55a0c90f66ffa61
- https://git.kernel.org/stable/c/7e40e0bb778907b2441bff68d73c3eb6b6cd319f
- https://git.kernel.org/stable/c/9f886d21e235c4bd038cb20f6696084304197ab3
- https://git.kernel.org/stable/c/c35e7c7a004ef379a1ae7c7486d4829419acad1d
- https://git.kernel.org/stable/c/c3d75524e10021aa5c223d94da4996640aed46c0
- https://git.kernel.org/stable/c/ee7bade8b9244834229b12b6e1e724939bedd484
- https://git.kernel.org/stable/c/ef9b3c22405192afaa279077ddd45a51db90b83d
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html