Google Git
Sign in
kernel / pub / scm / linux / security / vulns / refs/heads/sasha-vulnerable / . / cve / published / 2025 / CVE-2025-22028.json
blob: 79eab4e79fa9f732fd23e7d30b207012066e9677 [file] [log] [blame]
{
"containers": {
"cna": {
"providerMetadata": {
"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
},
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vimc: skip .s_stream() for stopped entities\n\nSyzbot reported [1] a warning prompted by a check in call_s_stream()\nthat checks whether .s_stream() operation is warranted for unstarted\nor stopped subdevs.\n\nAdd a simple fix in vimc_streamer_pipeline_terminate() ensuring that\nentities skip a call to .s_stream() unless they have been previously\nproperly started.\n\n[1] Syzbot report:\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 5933 at drivers/media/v4l2-core/v4l2-subdev.c:460 call_s_stream+0x2df/0x350 drivers/media/v4l2-core/v4l2-subdev.c:460\nModules linked in:\nCPU: 0 UID: 0 PID: 5933 Comm: syz-executor330 Not tainted 6.13.0-rc2-syzkaller-00362-g2d8308bf5b67 #0\n...\nCall Trace:\n <TASK>\n vimc_streamer_pipeline_terminate+0x218/0x320 drivers/media/test-drivers/vimc/vimc-streamer.c:62\n vimc_streamer_pipeline_init drivers/media/test-drivers/vimc/vimc-streamer.c:101 [inline]\n vimc_streamer_s_stream+0x650/0x9a0 drivers/media/test-drivers/vimc/vimc-streamer.c:203\n vimc_capture_start_streaming+0xa1/0x130 drivers/media/test-drivers/vimc/vimc-capture.c:256\n vb2_start_streaming+0x15f/0x5a0 drivers/media/common/videobuf2/videobuf2-core.c:1789\n vb2_core_streamon+0x2a7/0x450 drivers/media/common/videobuf2/videobuf2-core.c:2348\n vb2_streamon drivers/media/common/videobuf2/videobuf2-v4l2.c:875 [inline]\n vb2_ioctl_streamon+0xf4/0x170 drivers/media/common/videobuf2/videobuf2-v4l2.c:1118\n __video_do_ioctl+0xaf0/0xf00 drivers/media/v4l2-core/v4l2-ioctl.c:3122\n video_usercopy+0x4d2/0x1620 drivers/media/v4l2-core/v4l2-ioctl.c:3463\n v4l2_ioctl+0x1ba/0x250 drivers/media/v4l2-core/v4l2-dev.c:366\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl fs/ioctl.c:892 [inline]\n __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f2b85c01b19\n..."
}
],
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/media/test-drivers/vimc/vimc-streamer.c"
],
"versions": [
{
"version": "adc589d2a20808fb99d46a78175cd023f2040338",
"lessThan": "a505075730d23ccc19fc4ac382a0ed73b630c057",
"status": "affected",
"versionType": "git"
},
{
"version": "adc589d2a20808fb99d46a78175cd023f2040338",
"lessThan": "845e9286ff99ee88cfdeb2b748f730003a512190",
"status": "affected",
"versionType": "git"
},
{
"version": "adc589d2a20808fb99d46a78175cd023f2040338",
"lessThan": "6f6064dab4dcfb7e34a395040a0c9dc22cc8765d",
"status": "affected",
"versionType": "git"
},
{
"version": "adc589d2a20808fb99d46a78175cd023f2040338",
"lessThan": "7a58d4c4cf8ff60ab1f93399deefaf6057da91c7",
"status": "affected",
"versionType": "git"
},
{
"version": "adc589d2a20808fb99d46a78175cd023f2040338",
"lessThan": "36cef585e2a31e4ddf33a004b0584a7a572246de",
"status": "affected",
"versionType": "git"
},
{
"version": "77fbb561bb09f56877dd84318212da393909975f",
"status": "affected",
"versionType": "git"
},
{
"version": "73236bf581e96eb48808fea522351ed81e24c9cc",
"status": "affected",
"versionType": "git"
},
{
"version": "e7ae48ae47227c0302b9f4b15a5bf45934a55673",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/media/test-drivers/vimc/vimc-streamer.c"
],
"versions": [
{
"version": "5.1",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.1",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.89",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.23",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13.11",
"lessThanOrEqual": "6.13.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.14.2",
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.15",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1",
"versionEndExcluding": "6.6.89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1",
"versionEndExcluding": "6.12.23"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1",
"versionEndExcluding": "6.13.11"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1",
"versionEndExcluding": "6.14.2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1",
"versionEndExcluding": "6.15"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.108"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.4"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/a505075730d23ccc19fc4ac382a0ed73b630c057"
},
{
"url": "https://git.kernel.org/stable/c/845e9286ff99ee88cfdeb2b748f730003a512190"
},
{
"url": "https://git.kernel.org/stable/c/6f6064dab4dcfb7e34a395040a0c9dc22cc8765d"
},
{
"url": "https://git.kernel.org/stable/c/7a58d4c4cf8ff60ab1f93399deefaf6057da91c7"
},
{
"url": "https://git.kernel.org/stable/c/36cef585e2a31e4ddf33a004b0584a7a572246de"
}
],
"title": "media: vimc: skip .s_stream() for stopped entities",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
"cveID": "CVE-2025-22028",
"requesterUserId": "gregkh@kernel.org",
"serial": "1",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}