SB2025090876 - Improper locking in Linux kernel usb usbtv driver
Published: September 8, 2025
Security Bulletin ID
SB2025090876
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2025-39714)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the usbtv_configure_for_norm() function in drivers/media/usb/usbtv/usbtv-video.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/3d83d0b5ae5045a7a246ed116b5f6c688a12f9e9
- https://git.kernel.org/stable/c/5427dda195d6baf23028196fd55a0c90f66ffa61
- https://git.kernel.org/stable/c/7e40e0bb778907b2441bff68d73c3eb6b6cd319f
- https://git.kernel.org/stable/c/9f886d21e235c4bd038cb20f6696084304197ab3
- https://git.kernel.org/stable/c/c35e7c7a004ef379a1ae7c7486d4829419acad1d
- https://git.kernel.org/stable/c/c3d75524e10021aa5c223d94da4996640aed46c0
- https://git.kernel.org/stable/c/ee7bade8b9244834229b12b6e1e724939bedd484
- https://git.kernel.org/stable/c/ef9b3c22405192afaa279077ddd45a51db90b83d