CVE-2025-39712

05.09.2025, 18:15

In the Linux kernel, the following vulnerability has been resolved:

media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval

Getting / Setting the frame interval using the V4L2 subdev pad ops
get_frame_interval/set_frame_interval causes a deadlock, as the
subdev state is locked in the [1] but also in the driver itself.

In [2] it's described that the caller is responsible to acquire and
release the lock in this case. Therefore, acquiring the lock in the
driver is wrong.

Remove the lock acquisitions/releases from mt9m114_ifp_get_frame_interval()
and mt9m114_ifp_set_frame_interval().

[1] drivers/media/v4l2-core/v4l2-subdev.c - line 1129
[2] Documentation/driver-api/media/v4l2-subdev.rst

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
bookworm	6.1.137-1 not-affected
bullseye (security)	5.10.237-1 fixed
bookworm (security)	6.1.147-1 fixed
trixie	vulnerable
trixie (security)	vulnerable
forky	vulnerable
sid	vulnerable

References

https://git.kernel.org/stable/c/0d23b548d71e5d76955fdf1d73addd8f6494f602

https://git.kernel.org/stable/c/298d1471cf83d5a2a05970e41822a2403f451086

https://git.kernel.org/stable/c/41b97490a1656bdc7038d6345a84b08d45deafc6