CVE-2025-40207
media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try()
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
12 Nov 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Linux kernel, the following vulnerability has been resolved:
media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try()
v4l2_subdev_call_state_try() macro allocates a subdev state with
__v4l2_subdev_state_alloc(), but does not check the returned value. If
__v4l2_subdev_state_alloc fails, it returns an ERR_PTR, and that would
cause v4l2_subdev_call_state_try() to crash.
Add proper error handling to v4l2_subdev_call_state_try().
Affected products
Linux · LinuxReferences
https://git.kernel.org/stable/c/5b0057459cdc243ffb35617603142dcace09c711https://git.kernel.org/stable/c/94e6336dc1f06a06f5b4cd04d4a012bba34f2857https://git.kernel.org/stable/c/a553530b3314a0bdc98cf114cdbe204551a70a00https://git.kernel.org/stable/c/ed30811fbed40751deb952bde534aa2632dc0bf7https://git.kernel.org/stable/c/f37df9a0eb5e43fcfe02cbaef076123dc0d79c7e