DEBIAN-CVE-2025-39714

DEBIAN-CVE-2025-39714 PUBLISHED CVSS 5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: media: usbtv: Lock resolution while streaming When an program is streaming (ffplay) and another program (qv4l2) changes the TV standard from NTSC to PAL, the kernel crashes due to trying to copy to unmapped memory. Changing from NTSC to PAL increases the resolution in the usbtv struct, but the video plane buffer isn't adjusted, so it overflows. [hverkuil: call vb2_is_busy instead of vb2_is_streaming]

Risk Scores

CVSS 3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:14	linux	6.15.1-1, 6.12.38-1, 6.12.41-1
Debian:13	linux	0, 6.12.38-1, 0
Debian:11	linux	5.10.84-1, 5.10.103-1, 5.10.103-1~bpo10+1
Debian:11	linux-6.1	6.1.106-3, 6.1.106-3, 6.1.112-1
Debian:12	linux	6.1.90-1, 6.1.90-1~bpo11+1, 6.1.94-1~bpo11+1

Exploit Intelligence

4081.3.6.yml (github-poc)

Timeline

Sep 5, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-39714 advisory

Open in Interactive Console →