PT-2025-28001 · Linux+6 · Linux Kernel+6
Published
2025-07-04
·
Updated
2026-04-20
·
CVE-2025-38226
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.14.0-rc2-syzkaller-00039-g09fbf3d50205
Description:
A bug was found in the Linux kernel, specifically in the media subsystem, where the composition size cannot be larger than the size of fmt cap rect. This issue was identified by syzkaller and is related to a vmalloc-out-of-bounds error in the tpg fill plane pattern and tpg fill plane buffer functions. The error occurs when the size of the composing exceeds the size of fmt cap rect.
Recommendations:
For Linux kernel versions prior to 6.14.0-rc2-syzkaller-00039-g09fbf3d50205, consider updating to a newer version that includes the fix for this issue. As a temporary workaround, execute v4l2 rect map inside() even if has compose cap == 0 to prevent the composition size from exceeding the size of fmt cap rect.
Exploit
Fix
Memory Corruption
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu