CVE-2025-40207

Published: Nov 12, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() v4l2_subdev_call_state_try() macro allocates a subdev state with __v4l2_subdev_state_alloc(), but does not check the returned value. If __v4l2_subdev_state_alloc fails, it returns an ERR_PTR, and that would cause v4l2_subdev_call_state_try() to crash. Add proper error handling to v4l2_subdev_call_state_try().

Vendor	Product	Versions
Linux	Linux	affected `982c0487185bd466059ff618f398a8d074ddb654 - < 5b0057459cdc243ffb35617603142dcace09c711` affected `982c0487185bd466059ff618f398a8d074ddb654 - < ed30811fbed40751deb952bde534aa2632dc0bf7` affected `982c0487185bd466059ff618f398a8d074ddb654 - < 94e6336dc1f06a06f5b4cd04d4a012bba34f2857` affected `982c0487185bd466059ff618f398a8d074ddb654 - < a553530b3314a0bdc98cf114cdbe204551a70a00` affected `982c0487185bd466059ff618f398a8d074ddb654 - < f37df9a0eb5e43fcfe02cbaef076123dc0d79c7e`
Linux	Linux	affected `6.0` unaffected `0 - < 6.0` unaffected `6.1.157 - <= 6.1.` unaffected `6.6.113 - <= 6.6.` unaffected `6.12.54 - <= 6.12.*` +2 more versions

References

https://git.kernel.org/stable/c/5b0057459cdc243ffb35617603142dcace09c711

https://git.kernel.org/stable/c/ed30811fbed40751deb952bde534aa2632dc0bf7

https://git.kernel.org/stable/c/94e6336dc1f06a06f5b4cd04d4a012bba34f2857

https://git.kernel.org/stable/c/a553530b3314a0bdc98cf114cdbe204551a70a00

https://git.kernel.org/stable/c/f37df9a0eb5e43fcfe02cbaef076123dc0d79c7e

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-40207

Description

Affected Products

References