CVE-2025-39712
MEDIUM EPSS 1.3%
Published Sep 5, 202510mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Published Sep 5, 2025 10mo ago
Last Modified Jun 17, 2026 2w ago
Description
In the Linux kernel, the following vulnerability has been resolved: media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval Getting / Setting the frame interval using the V4L2 subdev pad ops get_frame_interval/set_frame_interval causes a deadlock, as the subdev state is locked in the [1] but also in the driver itself. In [2] it's described that the caller is responsible to acquire and release the lock in this case. Therefore, acquiring the lock in the driver is wrong. Remove the lock acquisitions/releases from mt9m114_ifp_get_frame_interval() and mt9m114_ifp_set_frame_interval(). [1] drivers/media/v4l2-core/v4l2-subdev.c - line 1129 [2] Documentation/driver-api/media/v4l2-subdev.rst
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
1.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-667
Affected Products 2
References 3
- git.kernel.org https://git.kernel.org/stable/c/0d23b548d71e5d76955fdf1d73addd8f6494f602
- git.kernel.org https://git.kernel.org/stable/c/298d1471cf83d5a2a05970e41822a2403f451086
- git.kernel.org https://git.kernel.org/stable/c/41b97490a1656bdc7038d6345a84b08d45deafc6
Remediation
- git.kernel.org https://git.kernel.org/stable/c/0d23b548d71e5d76955fdf1d73addd8f6494f602
- git.kernel.org https://git.kernel.org/stable/c/298d1471cf83d5a2a05970e41822a2403f451086
- git.kernel.org https://git.kernel.org/stable/c/41b97490a1656bdc7038d6345a84b08d45deafc6