cvelistv5 - cve-2025-68175

CVE-2025-68175 (GCVE-0-2025-68175)

Vulnerability from cvelistv5

Published

2025-12-16 13:42

Modified

2025-12-16 13:42

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: Fix streaming cleanup on release The current implementation unconditionally calls mxc_isi_video_cleanup_streaming() in mxc_isi_video_release(). This can lead to situations where any release call (like from a simple "v4l2-ctl -l") may release a currently streaming queue when called on such a device. This is reproducible on an i.MX8MP board by streaming from an ISI capture device using gstreamer: gst-launch-1.0 -v v4l2src device=/dev/videoX ! \ video/x-raw,format=GRAY8,width=1280,height=800,framerate=1/120 ! \ fakesink While this stream is running, querying the caps of the same device provokes the error state: v4l2-ctl -l -d /dev/videoX This results in the following trace: [ 155.452152] ------------[ cut here ]------------ [ 155.452163] WARNING: CPU: 0 PID: 1708 at drivers/media/platform/nxp/imx8-isi/imx8-isi-pipe.c:713 mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi] [ 157.004248] Modules linked in: cfg80211 rpmsg_ctrl rpmsg_char rpmsg_tty virtio_rpmsg_bus rpmsg_ns rpmsg_core rfkill nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables mcp251x6 [ 157.053499] CPU: 0 UID: 0 PID: 1708 Comm: python3 Not tainted 6.15.4-00114-g1f61ca5cad76 #1 PREEMPT [ 157.064369] Hardware name: imx8mp_board_01 (DT) [ 157.068205] pstate: 400000c5 (nZcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 157.075169] pc : mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi] [ 157.081195] lr : mxc_isi_pipe_irq_handler+0x38/0x1b0 [imx8_isi] [ 157.087126] sp : ffff800080003ee0 [ 157.090438] x29: ffff800080003ee0 x28: ffff0000c3688000 x27: 0000000000000000 [ 157.097580] x26: 0000000000000000 x25: ffff0000c1e7ac00 x24: ffff800081b5ad50 [ 157.104723] x23: 00000000000000d1 x22: 0000000000000000 x21: ffff0000c25e4000 [ 157.111866] x20: 0000000060000200 x19: ffff80007a0608d0 x18: 0000000000000000 [ 157.119008] x17: ffff80006a4e3000 x16: ffff800080000000 x15: 0000000000000000 [ 157.126146] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 [ 157.133287] x11: 0000000000000040 x10: ffff0000c01445f0 x9 : ffff80007a053a38 [ 157.140425] x8 : ffff0000c04004b8 x7 : 0000000000000000 x6 : 0000000000000000 [ 157.147567] x5 : ffff0000c0400490 x4 : ffff80006a4e3000 x3 : ffff0000c25e4000 [ 157.154706] x2 : 0000000000000000 x1 : ffff8000825c0014 x0 : 0000000060000200 [ 157.161850] Call trace: [ 157.164296] mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi] (P) [ 157.170319] __handle_irq_event_percpu+0x58/0x218 [ 157.175029] handle_irq_event+0x54/0xb8 [ 157.178867] handle_fasteoi_irq+0xac/0x248 [ 157.182968] handle_irq_desc+0x48/0x68 [ 157.186723] generic_handle_domain_irq+0x24/0x38 [ 157.191346] gic_handle_irq+0x54/0x120 [ 157.195098] call_on_irq_stack+0x24/0x30 [ 157.199027] do_interrupt_handler+0x88/0x98 [ 157.203212] el0_interrupt+0x44/0xc0 [ 157.206792] __el0_irq_handler_common+0x18/0x28 [ 157.211328] el0t_64_irq_handler+0x10/0x20 [ 157.215429] el0t_64_irq+0x198/0x1a0 [ 157.219009] ---[ end trace 0000000000000000 ]--- Address this issue by moving the streaming preparation and cleanup to the vb2 .prepare_streaming() and .unprepare_streaming() operations. This also simplifies the driver by allowing direct usage of the vb2_ioctl_streamon() and vb2_ioctl_streamoff() helpers, and removal of the manual cleanup from mxc_isi_video_release().

References

URL

Tags

	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/029914306b93b37c6e7060793d2b6f76b935cfa6
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/47773031a148ad7973b809cc7723cba77eda2b42

Impacted products

Vendor

Product

Version

Linux

Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/platform/nxp/imx8-isi/imx8-isi-video.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "029914306b93b37c6e7060793d2b6f76b935cfa6",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "47773031a148ad7973b809cc7723cba77eda2b42",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/platform/nxp/imx8-isi/imx8-isi-video.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: nxp: imx8-isi: Fix streaming cleanup on release\n\nThe current implementation unconditionally calls\nmxc_isi_video_cleanup_streaming() in mxc_isi_video_release(). This can\nlead to situations where any release call (like from a simple\n\"v4l2-ctl -l\") may release a currently streaming queue when called on\nsuch a device.\n\nThis is reproducible on an i.MX8MP board by streaming from an ISI\ncapture device using gstreamer:\n\n\tgst-launch-1.0 -v v4l2src device=/dev/videoX ! \\\n\t    video/x-raw,format=GRAY8,width=1280,height=800,framerate=1/120 ! \\\n\t    fakesink\n\nWhile this stream is running, querying the caps of the same device\nprovokes the error state:\n\n\tv4l2-ctl -l -d /dev/videoX\n\nThis results in the following trace:\n\n[  155.452152] ------------[ cut here ]------------\n[  155.452163] WARNING: CPU: 0 PID: 1708 at drivers/media/platform/nxp/imx8-isi/imx8-isi-pipe.c:713 mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi]\n[  157.004248] Modules linked in: cfg80211 rpmsg_ctrl rpmsg_char rpmsg_tty virtio_rpmsg_bus rpmsg_ns rpmsg_core rfkill nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables mcp251x6\n[  157.053499] CPU: 0 UID: 0 PID: 1708 Comm: python3 Not tainted 6.15.4-00114-g1f61ca5cad76 #1 PREEMPT\n[  157.064369] Hardware name: imx8mp_board_01 (DT)\n[  157.068205] pstate: 400000c5 (nZcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[  157.075169] pc : mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi]\n[  157.081195] lr : mxc_isi_pipe_irq_handler+0x38/0x1b0 [imx8_isi]\n[  157.087126] sp : ffff800080003ee0\n[  157.090438] x29: ffff800080003ee0 x28: ffff0000c3688000 x27: 0000000000000000\n[  157.097580] x26: 0000000000000000 x25: ffff0000c1e7ac00 x24: ffff800081b5ad50\n[  157.104723] x23: 00000000000000d1 x22: 0000000000000000 x21: ffff0000c25e4000\n[  157.111866] x20: 0000000060000200 x19: ffff80007a0608d0 x18: 0000000000000000\n[  157.119008] x17: ffff80006a4e3000 x16: ffff800080000000 x15: 0000000000000000\n[  157.126146] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[  157.133287] x11: 0000000000000040 x10: ffff0000c01445f0 x9 : ffff80007a053a38\n[  157.140425] x8 : ffff0000c04004b8 x7 : 0000000000000000 x6 : 0000000000000000\n[  157.147567] x5 : ffff0000c0400490 x4 : ffff80006a4e3000 x3 : ffff0000c25e4000\n[  157.154706] x2 : 0000000000000000 x1 : ffff8000825c0014 x0 : 0000000060000200\n[  157.161850] Call trace:\n[  157.164296]  mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi] (P)\n[  157.170319]  __handle_irq_event_percpu+0x58/0x218\n[  157.175029]  handle_irq_event+0x54/0xb8\n[  157.178867]  handle_fasteoi_irq+0xac/0x248\n[  157.182968]  handle_irq_desc+0x48/0x68\n[  157.186723]  generic_handle_domain_irq+0x24/0x38\n[  157.191346]  gic_handle_irq+0x54/0x120\n[  157.195098]  call_on_irq_stack+0x24/0x30\n[  157.199027]  do_interrupt_handler+0x88/0x98\n[  157.203212]  el0_interrupt+0x44/0xc0\n[  157.206792]  __el0_irq_handler_common+0x18/0x28\n[  157.211328]  el0t_64_irq_handler+0x10/0x20\n[  157.215429]  el0t_64_irq+0x198/0x1a0\n[  157.219009] ---[ end trace 0000000000000000 ]---\n\nAddress this issue by moving the streaming preparation and cleanup to\nthe vb2 .prepare_streaming() and .unprepare_streaming() operations. This\nalso simplifies the driver by allowing direct usage of the\nvb2_ioctl_streamon() and vb2_ioctl_streamoff() helpers, and removal of\nthe manual cleanup from mxc_isi_video_release()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-16T13:42:54.913Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/029914306b93b37c6e7060793d2b6f76b935cfa6"
        },
        {
          "url": "https://git.kernel.org/stable/c/47773031a148ad7973b809cc7723cba77eda2b42"
        }
      ],
      "title": "media: nxp: imx8-isi: Fix streaming cleanup on release",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-68175",
    "datePublished": "2025-12-16T13:42:54.913Z",
    "dateReserved": "2025-12-16T13:41:40.251Z",
    "dateUpdated": "2025-12-16T13:42:54.913Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-68175\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-16T14:15:49.433\",\"lastModified\":\"2025-12-18T15:08:25.907\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmedia: nxp: imx8-isi: Fix streaming cleanup on release\\n\\nThe current implementation unconditionally calls\\nmxc_isi_video_cleanup_streaming() in mxc_isi_video_release(). This can\\nlead to situations where any release call (like from a simple\\n\\\"v4l2-ctl -l\\\") may release a currently streaming queue when called on\\nsuch a device.\\n\\nThis is reproducible on an i.MX8MP board by streaming from an ISI\\ncapture device using gstreamer:\\n\\n\\tgst-launch-1.0 -v v4l2src device=/dev/videoX ! \\\\\\n\\t    video/x-raw,format=GRAY8,width=1280,height=800,framerate=1/120 ! \\\\\\n\\t    fakesink\\n\\nWhile this stream is running, querying the caps of the same device\\nprovokes the error state:\\n\\n\\tv4l2-ctl -l -d /dev/videoX\\n\\nThis results in the following trace:\\n\\n[  155.452152] ------------[ cut here ]------------\\n[  155.452163] WARNING: CPU: 0 PID: 1708 at drivers/media/platform/nxp/imx8-isi/imx8-isi-pipe.c:713 mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi]\\n[  157.004248] Modules linked in: cfg80211 rpmsg_ctrl rpmsg_char rpmsg_tty virtio_rpmsg_bus rpmsg_ns rpmsg_core rfkill nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables mcp251x6\\n[  157.053499] CPU: 0 UID: 0 PID: 1708 Comm: python3 Not tainted 6.15.4-00114-g1f61ca5cad76 #1 PREEMPT\\n[  157.064369] Hardware name: imx8mp_board_01 (DT)\\n[  157.068205] pstate: 400000c5 (nZcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\\n[  157.075169] pc : mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi]\\n[  157.081195] lr : mxc_isi_pipe_irq_handler+0x38/0x1b0 [imx8_isi]\\n[  157.087126] sp : ffff800080003ee0\\n[  157.090438] x29: ffff800080003ee0 x28: ffff0000c3688000 x27: 0000000000000000\\n[  157.097580] x26: 0000000000000000 x25: ffff0000c1e7ac00 x24: ffff800081b5ad50\\n[  157.104723] x23: 00000000000000d1 x22: 0000000000000000 x21: ffff0000c25e4000\\n[  157.111866] x20: 0000000060000200 x19: ffff80007a0608d0 x18: 0000000000000000\\n[  157.119008] x17: ffff80006a4e3000 x16: ffff800080000000 x15: 0000000000000000\\n[  157.126146] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\\n[  157.133287] x11: 0000000000000040 x10: ffff0000c01445f0 x9 : ffff80007a053a38\\n[  157.140425] x8 : ffff0000c04004b8 x7 : 0000000000000000 x6 : 0000000000000000\\n[  157.147567] x5 : ffff0000c0400490 x4 : ffff80006a4e3000 x3 : ffff0000c25e4000\\n[  157.154706] x2 : 0000000000000000 x1 : ffff8000825c0014 x0 : 0000000060000200\\n[  157.161850] Call trace:\\n[  157.164296]  mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi] (P)\\n[  157.170319]  __handle_irq_event_percpu+0x58/0x218\\n[  157.175029]  handle_irq_event+0x54/0xb8\\n[  157.178867]  handle_fasteoi_irq+0xac/0x248\\n[  157.182968]  handle_irq_desc+0x48/0x68\\n[  157.186723]  generic_handle_domain_irq+0x24/0x38\\n[  157.191346]  gic_handle_irq+0x54/0x120\\n[  157.195098]  call_on_irq_stack+0x24/0x30\\n[  157.199027]  do_interrupt_handler+0x88/0x98\\n[  157.203212]  el0_interrupt+0x44/0xc0\\n[  157.206792]  __el0_irq_handler_common+0x18/0x28\\n[  157.211328]  el0t_64_irq_handler+0x10/0x20\\n[  157.215429]  el0t_64_irq+0x198/0x1a0\\n[  157.219009] ---[ end trace 0000000000000000 ]---\\n\\nAddress this issue by moving the streaming preparation and cleanup to\\nthe vb2 .prepare_streaming() and .unprepare_streaming() operations. This\\nalso simplifies the driver by allowing direct usage of the\\nvb2_ioctl_streamon() and vb2_ioctl_streamoff() helpers, and removal of\\nthe manual cleanup from mxc_isi_video_release().\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/029914306b93b37c6e7060793d2b6f76b935cfa6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/47773031a148ad7973b809cc7723cba77eda2b42\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

msrc_cve-2025-68175

Vulnerability from csaf_microsoft

Published

2025-12-02 00:00

Modified

2025-12-17 01:03

Summary

media: nxp: imx8-isi: Fix streaming cleanup on release

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2025-68175 media: nxp: imx8-isi: Fix streaming cleanup on release - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-68175.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "media: nxp: imx8-isi: Fix streaming cleanup on release",
    "tracking": {
      "current_release_date": "2025-12-17T01:03:49.000Z",
      "generator": {
        "date": "2025-12-17T20:06:03.144Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2025-68175",
      "initial_release_date": "2025-12-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-12-17T01:03:49.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "azl3 kernel 6.6.117.1-1",
                "product": {
                  "name": "azl3 kernel 6.6.117.1-1",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "kernel"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 kernel 6.6.117.1-1 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-68175",
      "notes": [
        {
          "category": "general",
          "text": "Linux",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "known_affected": [
          "17084-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-68175 media: nxp: imx8-isi: Fix streaming cleanup on release - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-68175.json"
        }
      ],
      "remediations": [
        {
          "category": "none_available",
          "date": "2025-12-17T01:03:49.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17084-1"
          ]
        }
      ],
      "title": "media: nxp: imx8-isi: Fix streaming cleanup on release"
    }
  ]
}

ghsa-j5pm-p7rh-c37w

Vulnerability from github

Published

2025-12-16 15:30

Modified

2025-12-16 15:30

Details

In the Linux kernel, the following vulnerability has been resolved:

media: nxp: imx8-isi: Fix streaming cleanup on release

The current implementation unconditionally calls mxc_isi_video_cleanup_streaming() in mxc_isi_video_release(). This can lead to situations where any release call (like from a simple "v4l2-ctl -l") may release a currently streaming queue when called on such a device.

This is reproducible on an i.MX8MP board by streaming from an ISI capture device using gstreamer:

gst-launch-1.0 -v v4l2src device=/dev/videoX ! \
    video/x-raw,format=GRAY8,width=1280,height=800,framerate=1/120 ! \
    fakesink

While this stream is running, querying the caps of the same device provokes the error state:

v4l2-ctl -l -d /dev/videoX

This results in the following trace:

[ 155.452152] ------------[ cut here ]------------ [ 155.452163] WARNING: CPU: 0 PID: 1708 at drivers/media/platform/nxp/imx8-isi/imx8-isi-pipe.c:713 mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi] [ 157.004248] Modules linked in: cfg80211 rpmsg_ctrl rpmsg_char rpmsg_tty virtio_rpmsg_bus rpmsg_ns rpmsg_core rfkill nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables mcp251x6 [ 157.053499] CPU: 0 UID: 0 PID: 1708 Comm: python3 Not tainted 6.15.4-00114-g1f61ca5cad76 #1 PREEMPT [ 157.064369] Hardware name: imx8mp_board_01 (DT) [ 157.068205] pstate: 400000c5 (nZcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 157.075169] pc : mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi] [ 157.081195] lr : mxc_isi_pipe_irq_handler+0x38/0x1b0 [imx8_isi] [ 157.087126] sp : ffff800080003ee0 [ 157.090438] x29: ffff800080003ee0 x28: ffff0000c3688000 x27: 0000000000000000 [ 157.097580] x26: 0000000000000000 x25: ffff0000c1e7ac00 x24: ffff800081b5ad50 [ 157.104723] x23: 00000000000000d1 x22: 0000000000000000 x21: ffff0000c25e4000 [ 157.111866] x20: 0000000060000200 x19: ffff80007a0608d0 x18: 0000000000000000 [ 157.119008] x17: ffff80006a4e3000 x16: ffff800080000000 x15: 0000000000000000 [ 157.126146] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 [ 157.133287] x11: 0000000000000040 x10: ffff0000c01445f0 x9 : ffff80007a053a38 [ 157.140425] x8 : ffff0000c04004b8 x7 : 0000000000000000 x6 : 0000000000000000 [ 157.147567] x5 : ffff0000c0400490 x4 : ffff80006a4e3000 x3 : ffff0000c25e4000 [ 157.154706] x2 : 0000000000000000 x1 : ffff8000825c0014 x0 : 0000000060000200 [ 157.161850] Call trace: [ 157.164296] mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi] (P) [ 157.170319] __handle_irq_event_percpu+0x58/0x218 [ 157.175029] handle_irq_event+0x54/0xb8 [ 157.178867] handle_fasteoi_irq+0xac/0x248 [ 157.182968] handle_irq_desc+0x48/0x68 [ 157.186723] generic_handle_domain_irq+0x24/0x38 [ 157.191346] gic_handle_irq+0x54/0x120 [ 157.195098] call_on_irq_stack+0x24/0x30 [ 157.199027] do_interrupt_handler+0x88/0x98 [ 157.203212] el0_interrupt+0x44/0xc0 [ 157.206792] __el0_irq_handler_common+0x18/0x28 [ 157.211328] el0t_64_irq_handler+0x10/0x20 [ 157.215429] el0t_64_irq+0x198/0x1a0 [ 157.219009] ---[ end trace 0000000000000000 ]---

Address this issue by moving the streaming preparation and cleanup to the vb2 .prepare_streaming() and .unprepare_streaming() operations. This also simplifies the driver by allowing direct usage of the vb2_ioctl_streamon() and vb2_ioctl_streamoff() helpers, and removal of the manual cleanup from mxc_isi_video_release().

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-68175"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-16T14:15:49Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: nxp: imx8-isi: Fix streaming cleanup on release\n\nThe current implementation unconditionally calls\nmxc_isi_video_cleanup_streaming() in mxc_isi_video_release(). This can\nlead to situations where any release call (like from a simple\n\"v4l2-ctl -l\") may release a currently streaming queue when called on\nsuch a device.\n\nThis is reproducible on an i.MX8MP board by streaming from an ISI\ncapture device using gstreamer:\n\n\tgst-launch-1.0 -v v4l2src device=/dev/videoX ! \\\n\t    video/x-raw,format=GRAY8,width=1280,height=800,framerate=1/120 ! \\\n\t    fakesink\n\nWhile this stream is running, querying the caps of the same device\nprovokes the error state:\n\n\tv4l2-ctl -l -d /dev/videoX\n\nThis results in the following trace:\n\n[  155.452152] ------------[ cut here ]------------\n[  155.452163] WARNING: CPU: 0 PID: 1708 at drivers/media/platform/nxp/imx8-isi/imx8-isi-pipe.c:713 mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi]\n[  157.004248] Modules linked in: cfg80211 rpmsg_ctrl rpmsg_char rpmsg_tty virtio_rpmsg_bus rpmsg_ns rpmsg_core rfkill nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables mcp251x6\n[  157.053499] CPU: 0 UID: 0 PID: 1708 Comm: python3 Not tainted 6.15.4-00114-g1f61ca5cad76 #1 PREEMPT\n[  157.064369] Hardware name: imx8mp_board_01 (DT)\n[  157.068205] pstate: 400000c5 (nZcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[  157.075169] pc : mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi]\n[  157.081195] lr : mxc_isi_pipe_irq_handler+0x38/0x1b0 [imx8_isi]\n[  157.087126] sp : ffff800080003ee0\n[  157.090438] x29: ffff800080003ee0 x28: ffff0000c3688000 x27: 0000000000000000\n[  157.097580] x26: 0000000000000000 x25: ffff0000c1e7ac00 x24: ffff800081b5ad50\n[  157.104723] x23: 00000000000000d1 x22: 0000000000000000 x21: ffff0000c25e4000\n[  157.111866] x20: 0000000060000200 x19: ffff80007a0608d0 x18: 0000000000000000\n[  157.119008] x17: ffff80006a4e3000 x16: ffff800080000000 x15: 0000000000000000\n[  157.126146] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[  157.133287] x11: 0000000000000040 x10: ffff0000c01445f0 x9 : ffff80007a053a38\n[  157.140425] x8 : ffff0000c04004b8 x7 : 0000000000000000 x6 : 0000000000000000\n[  157.147567] x5 : ffff0000c0400490 x4 : ffff80006a4e3000 x3 : ffff0000c25e4000\n[  157.154706] x2 : 0000000000000000 x1 : ffff8000825c0014 x0 : 0000000060000200\n[  157.161850] Call trace:\n[  157.164296]  mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi] (P)\n[  157.170319]  __handle_irq_event_percpu+0x58/0x218\n[  157.175029]  handle_irq_event+0x54/0xb8\n[  157.178867]  handle_fasteoi_irq+0xac/0x248\n[  157.182968]  handle_irq_desc+0x48/0x68\n[  157.186723]  generic_handle_domain_irq+0x24/0x38\n[  157.191346]  gic_handle_irq+0x54/0x120\n[  157.195098]  call_on_irq_stack+0x24/0x30\n[  157.199027]  do_interrupt_handler+0x88/0x98\n[  157.203212]  el0_interrupt+0x44/0xc0\n[  157.206792]  __el0_irq_handler_common+0x18/0x28\n[  157.211328]  el0t_64_irq_handler+0x10/0x20\n[  157.215429]  el0t_64_irq+0x198/0x1a0\n[  157.219009] ---[ end trace 0000000000000000 ]---\n\nAddress this issue by moving the streaming preparation and cleanup to\nthe vb2 .prepare_streaming() and .unprepare_streaming() operations. This\nalso simplifies the driver by allowing direct usage of the\nvb2_ioctl_streamon() and vb2_ioctl_streamoff() helpers, and removal of\nthe manual cleanup from mxc_isi_video_release().",
  "id": "GHSA-j5pm-p7rh-c37w",
  "modified": "2025-12-16T15:30:44Z",
  "published": "2025-12-16T15:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68175"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/029914306b93b37c6e7060793d2b6f76b935cfa6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/47773031a148ad7973b809cc7723cba77eda2b42"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2025-68175

Vulnerability from fkie_nvd

Published

2025-12-16 14:15

Modified

2025-12-18 15:08

Severity ?

Summary

References

	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/029914306b93b37c6e7060793d2b6f76b935cfa6
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/47773031a148ad7973b809cc7723cba77eda2b42

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: nxp: imx8-isi: Fix streaming cleanup on release\n\nThe current implementation unconditionally calls\nmxc_isi_video_cleanup_streaming() in mxc_isi_video_release(). This can\nlead to situations where any release call (like from a simple\n\"v4l2-ctl -l\") may release a currently streaming queue when called on\nsuch a device.\n\nThis is reproducible on an i.MX8MP board by streaming from an ISI\ncapture device using gstreamer:\n\n\tgst-launch-1.0 -v v4l2src device=/dev/videoX ! \\\n\t    video/x-raw,format=GRAY8,width=1280,height=800,framerate=1/120 ! \\\n\t    fakesink\n\nWhile this stream is running, querying the caps of the same device\nprovokes the error state:\n\n\tv4l2-ctl -l -d /dev/videoX\n\nThis results in the following trace:\n\n[  155.452152] ------------[ cut here ]------------\n[  155.452163] WARNING: CPU: 0 PID: 1708 at drivers/media/platform/nxp/imx8-isi/imx8-isi-pipe.c:713 mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi]\n[  157.004248] Modules linked in: cfg80211 rpmsg_ctrl rpmsg_char rpmsg_tty virtio_rpmsg_bus rpmsg_ns rpmsg_core rfkill nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables mcp251x6\n[  157.053499] CPU: 0 UID: 0 PID: 1708 Comm: python3 Not tainted 6.15.4-00114-g1f61ca5cad76 #1 PREEMPT\n[  157.064369] Hardware name: imx8mp_board_01 (DT)\n[  157.068205] pstate: 400000c5 (nZcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[  157.075169] pc : mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi]\n[  157.081195] lr : mxc_isi_pipe_irq_handler+0x38/0x1b0 [imx8_isi]\n[  157.087126] sp : ffff800080003ee0\n[  157.090438] x29: ffff800080003ee0 x28: ffff0000c3688000 x27: 0000000000000000\n[  157.097580] x26: 0000000000000000 x25: ffff0000c1e7ac00 x24: ffff800081b5ad50\n[  157.104723] x23: 00000000000000d1 x22: 0000000000000000 x21: ffff0000c25e4000\n[  157.111866] x20: 0000000060000200 x19: ffff80007a0608d0 x18: 0000000000000000\n[  157.119008] x17: ffff80006a4e3000 x16: ffff800080000000 x15: 0000000000000000\n[  157.126146] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[  157.133287] x11: 0000000000000040 x10: ffff0000c01445f0 x9 : ffff80007a053a38\n[  157.140425] x8 : ffff0000c04004b8 x7 : 0000000000000000 x6 : 0000000000000000\n[  157.147567] x5 : ffff0000c0400490 x4 : ffff80006a4e3000 x3 : ffff0000c25e4000\n[  157.154706] x2 : 0000000000000000 x1 : ffff8000825c0014 x0 : 0000000060000200\n[  157.161850] Call trace:\n[  157.164296]  mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi] (P)\n[  157.170319]  __handle_irq_event_percpu+0x58/0x218\n[  157.175029]  handle_irq_event+0x54/0xb8\n[  157.178867]  handle_fasteoi_irq+0xac/0x248\n[  157.182968]  handle_irq_desc+0x48/0x68\n[  157.186723]  generic_handle_domain_irq+0x24/0x38\n[  157.191346]  gic_handle_irq+0x54/0x120\n[  157.195098]  call_on_irq_stack+0x24/0x30\n[  157.199027]  do_interrupt_handler+0x88/0x98\n[  157.203212]  el0_interrupt+0x44/0xc0\n[  157.206792]  __el0_irq_handler_common+0x18/0x28\n[  157.211328]  el0t_64_irq_handler+0x10/0x20\n[  157.215429]  el0t_64_irq+0x198/0x1a0\n[  157.219009] ---[ end trace 0000000000000000 ]---\n\nAddress this issue by moving the streaming preparation and cleanup to\nthe vb2 .prepare_streaming() and .unprepare_streaming() operations. This\nalso simplifies the driver by allowing direct usage of the\nvb2_ioctl_streamon() and vb2_ioctl_streamoff() helpers, and removal of\nthe manual cleanup from mxc_isi_video_release()."
    }
  ],
  "id": "CVE-2025-68175",
  "lastModified": "2025-12-18T15:08:25.907",
  "metrics": {},
  "published": "2025-12-16T14:15:49.433",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/029914306b93b37c6e7060793d2b6f76b935cfa6"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/47773031a148ad7973b809cc7723cba77eda2b42"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-68175 (GCVE-0-2025-68175)

Vulnerability from cvelistv5

msrc_cve-2025-68175

Vulnerability from csaf_microsoft

ghsa-j5pm-p7rh-c37w

Vulnerability from github

fkie_cve-2025-68175

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature