Skip to main content

Linux Kernel CVE-2025-68175

2025-12-16 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Lifecycle Timeline

2
Analysis Generated
Apr 02, 2026 - 12:22 vuln.today
CVE Published
Dec 16, 2025 - 14:15 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

media: nxp: imx8-isi: Fix streaming cleanup on release

The current implementation unconditionally calls mxc_isi_video_cleanup_streaming() in mxc_isi_video_release(). This can lead to situations where any release call (like from a simple "v4l2-ctl -l") may release a currently streaming queue when called on such a device.

This is reproducible on an i.MX8MP board by streaming from an ISI capture device using gstreamer:

gst-launch-1.0 -v v4l2src device=/dev/videoX ! \ video/x-raw,format=GRAY8,width=1280,height=800,framerate=1/120 ! \ fakesink

While this stream is running, querying the caps of the same device provokes the error state:

v4l2-ctl -l -d /dev/videoX

This results in the following trace:

[ 155.452152] ------------[ cut here ]------------ [ 155.452163] WARNING: CPU: 0 PID: 1708 at drivers/media/platform/nxp/imx8-isi/imx8-isi-pipe.c:713 mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi] [ 157.004248] Modules linked in: cfg80211 rpmsg_ctrl rpmsg_char rpmsg_tty virtio_rpmsg_bus rpmsg_ns rpmsg_core rfkill nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables mcp251x6 [ 157.053499] CPU: 0 UID: 0 PID: 1708 Comm: python3 Not tainted 6.15.4-00114-g1f61ca5cad76 #1 PREEMPT [ 157.064369] Hardware name: imx8mp_board_01 (DT) [ 157.068205] pstate: 400000c5 (nZcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 157.075169] pc : mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi] [ 157.081195] lr : mxc_isi_pipe_irq_handler+0x38/0x1b0 [imx8_isi] [ 157.087126] sp : ffff800080003ee0 [ 157.090438] x29: ffff800080003ee0 x28: ffff0000c3688000 x27: 0000000000000000 [ 157.097580] x26: 0000000000000000 x25: ffff0000c1e7ac00 x24: ffff800081b5ad50 [ 157.104723] x23: 00000000000000d1 x22: 0000000000000000 x21: ffff0000c25e4000 [ 157.111866] x20: 0000000060000200 x19: ffff80007a0608d0 x18: 0000000000000000 [ 157.119008] x17: ffff80006a4e3000 x16: ffff800080000000 x15: 0000000000000000 [ 157.126146] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 [ 157.133287] x11: 0000000000000040 x10: ffff0000c01445f0 x9 : ffff80007a053a38 [ 157.140425] x8 : ffff0000c04004b8 x7 : 0000000000000000 x6 : 0000000000000000 [ 157.147567] x5 : ffff0000c0400490 x4 : ffff80006a4e3000 x3 : ffff0000c25e4000 [ 157.154706] x2 : 0000000000000000 x1 : ffff8000825c0014 x0 : 0000000060000200 [ 157.161850] Call trace: [ 157.164296] mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi] (P) [ 157.170319] __handle_irq_event_percpu+0x58/0x218 [ 157.175029] handle_irq_event+0x54/0xb8 [ 157.178867] handle_fasteoi_irq+0xac/0x248 [ 157.182968] handle_irq_desc+0x48/0x68 [ 157.186723] generic_handle_domain_irq+0x24/0x38 [ 157.191346] gic_handle_irq+0x54/0x120 [ 157.195098] call_on_irq_stack+0x24/0x30 [ 157.199027] do_interrupt_handler+0x88/0x98 [ 157.203212] el0_interrupt+0x44/0xc0 [ 157.206792] __el0_irq_handler_common+0x18/0x28 [ 157.211328] el0t_64_irq_handler+0x10/0x20 [ 157.215429] el0t_64_irq+0x198/0x1a0 [ 157.219009] ---[ end trace 0000000000000000 ]---

Address this issue by moving the streaming preparation and cleanup to the vb2 .prepare_streaming() and .unprepare_streaming() operations. This also simplifies the driver by allowing direct usage of the vb2_ioctl_streamon() and vb2_ioctl_streamoff() helpers, and removal of the manual cleanup from mxc_isi_video_release().

AnalysisAI

Linux kernel media driver (imx8-isi) improperly releases video streaming resources when any device file operation occurs, allowing local users to interrupt active video capture streams. A simple query operation like 'v4l2-ctl -l' executed on a device while streaming via gstreamer can terminate the stream and trigger kernel warnings. This is a Linux kernel regression affecting i.MX8MP boards and similar platforms using the NXP ISI (Image Sensor Interface) driver; no public exploit code or active exploitation has been identified, and the vulnerability has been resolved upstream via kernel patch.

Technical ContextAI

The vulnerability resides in the NXP imx8-isi video capture driver (drivers/media/platform/nxp/imx8-isi/) within the Video for Linux 2 (V4L2) subsystem. The root cause is improper state management in the video device release path: mxc_isi_video_release() unconditionally invokes mxc_isi_video_cleanup_streaming() regardless of whether video streaming is active. This violates the expectation that simple querying operations (such as capability enumeration via v4l2-ctl) should not affect active streams. The fix implements proper streaming lifecycle management by relocating stream preparation and cleanup operations to the vb2 (Video for Linux 2 Buffer) queue operations (.prepare_streaming() and .unprepare_streaming()), allowing the driver to distinguish between device queries and actual streaming operations. The affected CPE is cpe:2.3:o:linux:linux_kernel with versions prior to the fixed commits.

Affected ProductsAI

Linux kernel versions prior to commit 029914306b93b37c6e7060793d2b6f76b935cfa6 (stable) and commit 47773031a148ad7973b809cc7723cba77eda2b42, specifically affecting systems with the NXP imx8-isi media driver enabled (cpe:2.3:o:linux:linux_kernel). The vulnerability is primarily observed on i.MX8MP boards (imx8mp_board_01 noted in the kernel trace) and other platforms using the ISI (Image Sensor Interface) hardware. The driver code path imx8-isi/imx8-isi-video.c in the media subsystem is the affected component; kernel versions supporting this driver are vulnerable until patched.

RemediationAI

Upgrade to a Linux kernel version incorporating the fix from upstream commits 029914306b93b37c6e7060793d2b6f76b935cfa6, 47773031a148ad7973b809cc7723cba77eda2b42, or a2008925ed7361d69f92f63f0a779c300432610a. Verify the fix is included in your kernel's stable branch release (accessible via https://git.kernel.org/stable/). For systems unable to immediately upgrade, avoid running concurrent v4l2-ctl queries or other device file operations on active video capture devices; schedule querying operations during non-streaming periods. Device vendors and embedded system integrators should backport the upstream commits to their kernel branches and roll out patched images to deployed i.MX8MP systems. The fix is straightforward (refactoring streaming lifecycle management to vb2 queue operations) and should have no compatibility impact.

CVE-2022-0847 HIGH POC
7.8 Mar 10

Linux kernel contains a flaw known as 'Dirty Pipe' where improper pipe buffer flag initialization allows unprivileged lo

CVE-2015-1328 HIGH POC
7.8 Nov 28

The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does no

CVE-2017-7308 HIGH POC
7.8 Mar 29

The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate cer

CVE-2017-16995 HIGH POC
7.8 Dec 27

The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial

CVE-2017-1000112 HIGH POC
7.0 Oct 05

Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. Rated high severity (CVSS 7.0). Public ex

CVE-2015-8660 MEDIUM POC
6.7 Dec 28

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr op

CVE-2012-0056 MEDIUM POC
6.9 Jan 27

The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when

CVE-2014-0038 MEDIUM POC
6.9 Feb 06

The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allo

CVE-2016-8655 HIGH POC
7.8 Dec 08

Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cau

CVE-2016-0728 HIGH POC
7.8 Feb 08

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object ref

CVE-2017-0561 CRITICAL POC
9.8 Apr 07

A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary

CVE-2022-2588 MEDIUM POC
5.3 Jan 08

It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the h

Share

CVE-2025-68175 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy