SB20251015100 - Use-after-free in Linux kernel media tuners driver
Published: October 15, 2025
Security Bulletin ID
SB20251015100
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2025-39994)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xc5000_release() function in drivers/media/tuners/xc5000.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/40b7a19f321e65789612ebaca966472055dab48c
- https://git.kernel.org/stable/c/4266f012806fc18e46da4a04d130df59a4946f93
- https://git.kernel.org/stable/c/71ed8b81a4906cb785966910f39cf7f5ad60a69e
- https://git.kernel.org/stable/c/9a00de20ed8ba90888479749b87bc1532cded4ce
- https://git.kernel.org/stable/c/df0303b4839520b84d9367c2fad65b13650a4d42
- https://git.kernel.org/stable/c/effb1c19583bca7022fa641a70766de45c6d41ac