CVE-2025-40017

20.10.2025, 16:15

In the Linux kernel, the following vulnerability has been resolved:

media: iris: Fix memory leak by freeing untracked persist buffer

One internal buffer which is allocated only once per session was not
being freed during session close because it was not being tracked as
part of internal buffer list which resulted in a memory leak.

Add the necessary logic to explicitly free the untracked internal buffer
during session close to ensure all allocated memory is released
properly.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
trixie	6.12.43-1 not-affected
bookworm	6.1.148-1 not-affected
bullseye (security)	5.10.244-1 fixed
bookworm (security)	6.1.153-1 fixed
trixie (security)	6.12.48-1 fixed
forky	vulnerable
sid	6.16.12-2 fixed

References

https://git.kernel.org/stable/c/02a24f13b3a1d9da9f3de56aa5fdb7cc1fe167a2

https://git.kernel.org/stable/c/c9e024e907cafafd6b094f69a0d0f5d18fd28876

https://git.kernel.org/stable/c/ec2f87ad035e8d1ad67567542842f1f23a4dbde2