{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-68175", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-16T13:41:40.251Z", "datePublished": "2025-12-16T13:42:54.913Z", "dateUpdated": "2026-05-11T21:48:06.717Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:48:06.717Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: nxp: imx8-isi: Fix streaming cleanup on release\n\nThe current implementation unconditionally calls\nmxc_isi_video_cleanup_streaming() in mxc_isi_video_release(). This can\nlead to situations where any release call (like from a simple\n\"v4l2-ctl -l\") may release a currently streaming queue when called on\nsuch a device.\n\nThis is reproducible on an i.MX8MP board by streaming from an ISI\ncapture device using gstreamer:\n\n\tgst-launch-1.0 -v v4l2src device=/dev/videoX ! \\\n\t video/x-raw,format=GRAY8,width=1280,height=800,framerate=1/120 ! \\\n\t fakesink\n\nWhile this stream is running, querying the caps of the same device\nprovokes the error state:\n\n\tv4l2-ctl -l -d /dev/videoX\n\nThis results in the following trace:\n\n[ 155.452152] ------------[ cut here ]------------\n[ 155.452163] WARNING: CPU: 0 PID: 1708 at drivers/media/platform/nxp/imx8-isi/imx8-isi-pipe.c:713 mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi]\n[ 157.004248] Modules linked in: cfg80211 rpmsg_ctrl rpmsg_char rpmsg_tty virtio_rpmsg_bus rpmsg_ns rpmsg_core rfkill nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables mcp251x6\n[ 157.053499] CPU: 0 UID: 0 PID: 1708 Comm: python3 Not tainted 6.15.4-00114-g1f61ca5cad76 #1 PREEMPT\n[ 157.064369] Hardware name: imx8mp_board_01 (DT)\n[ 157.068205] pstate: 400000c5 (nZcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 157.075169] pc : mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi]\n[ 157.081195] lr : mxc_isi_pipe_irq_handler+0x38/0x1b0 [imx8_isi]\n[ 157.087126] sp : ffff800080003ee0\n[ 157.090438] x29: ffff800080003ee0 x28: ffff0000c3688000 x27: 0000000000000000\n[ 157.097580] x26: 0000000000000000 x25: ffff0000c1e7ac00 x24: ffff800081b5ad50\n[ 157.104723] x23: 00000000000000d1 x22: 0000000000000000 x21: ffff0000c25e4000\n[ 157.111866] x20: 0000000060000200 x19: ffff80007a0608d0 x18: 0000000000000000\n[ 157.119008] x17: ffff80006a4e3000 x16: ffff800080000000 x15: 0000000000000000\n[ 157.126146] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 157.133287] x11: 0000000000000040 x10: ffff0000c01445f0 x9 : ffff80007a053a38\n[ 157.140425] x8 : ffff0000c04004b8 x7 : 0000000000000000 x6 : 0000000000000000\n[ 157.147567] x5 : ffff0000c0400490 x4 : ffff80006a4e3000 x3 : ffff0000c25e4000\n[ 157.154706] x2 : 0000000000000000 x1 : ffff8000825c0014 x0 : 0000000060000200\n[ 157.161850] Call trace:\n[ 157.164296] mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi] (P)\n[ 157.170319] __handle_irq_event_percpu+0x58/0x218\n[ 157.175029] handle_irq_event+0x54/0xb8\n[ 157.178867] handle_fasteoi_irq+0xac/0x248\n[ 157.182968] handle_irq_desc+0x48/0x68\n[ 157.186723] generic_handle_domain_irq+0x24/0x38\n[ 157.191346] gic_handle_irq+0x54/0x120\n[ 157.195098] call_on_irq_stack+0x24/0x30\n[ 157.199027] do_interrupt_handler+0x88/0x98\n[ 157.203212] el0_interrupt+0x44/0xc0\n[ 157.206792] __el0_irq_handler_common+0x18/0x28\n[ 157.211328] el0t_64_irq_handler+0x10/0x20\n[ 157.215429] el0t_64_irq+0x198/0x1a0\n[ 157.219009] ---[ end trace 0000000000000000 ]---\n\nAddress this issue by moving the streaming preparation and cleanup to\nthe vb2 .prepare_streaming() and .unprepare_streaming() operations. This\nalso simplifies the driver by allowing direct usage of the\nvb2_ioctl_streamon() and vb2_ioctl_streamoff() helpers, and removal of\nthe manual cleanup from mxc_isi_video_release()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/platform/nxp/imx8-isi/imx8-isi-video.c"], "versions": [{"version": "cf21f328fcafacf4f96e7a30ef9dceede1076378", "lessThan": "a2008925ed7361d69f92f63f0a779c300432610a", "status": "affected", "versionType": "git"}, {"version": "cf21f328fcafacf4f96e7a30ef9dceede1076378", "lessThan": "029914306b93b37c6e7060793d2b6f76b935cfa6", "status": "affected", "versionType": "git"}, {"version": "cf21f328fcafacf4f96e7a30ef9dceede1076378", "lessThan": "47773031a148ad7973b809cc7723cba77eda2b42", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/platform/nxp/imx8-isi/imx8-isi-video.c"], "versions": [{"version": "6.4", "status": "affected"}, {"version": "0", "lessThan": "6.4", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.80", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17.8", "lessThanOrEqual": "6.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.12.80"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.17.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.18"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a2008925ed7361d69f92f63f0a779c300432610a"}, {"url": "https://git.kernel.org/stable/c/029914306b93b37c6e7060793d2b6f76b935cfa6"}, {"url": "https://git.kernel.org/stable/c/47773031a148ad7973b809cc7723cba77eda2b42"}], "title": "media: nxp: imx8-isi: Fix streaming cleanup on release", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: nxp: imx8-isi: Fix streaming cleanup on release\n\nThe current implementation unconditionally calls\nmxc_isi_video_cleanup_streaming() in mxc_isi_video_release(). This can\nlead to situations where any release call (like from a simple\n\"v4l2-ctl -l\") may release a currently streaming queue when called on\nsuch a device.\n\nThis is reproducible on an i.MX8MP board by streaming from an ISI\ncapture device using gstreamer:\n\n\tgst-launch-1.0 -v v4l2src device=/dev/videoX ! \\\n\t video/x-raw,format=GRAY8,width=1280,height=800,framerate=1/120 ! \\\n\t fakesink\n\nWhile this stream is running, querying the caps of the same device\nprovokes the error state:\n\n\tv4l2-ctl -l -d /dev/videoX\n\nThis results in the following trace:\n\n[ 155.452152] ------------[ cut here ]------------\n[ 155.452163] WARNING: CPU: 0 PID: 1708 at drivers/media/platform/nxp/imx8-isi/imx8-isi-pipe.c:713 mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi]\n[ 157.004248] Modules linked in: cfg80211 rpmsg_ctrl rpmsg_char rpmsg_tty virtio_rpmsg_bus rpmsg_ns rpmsg_core rfkill nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables mcp251x6\n[ 157.053499] CPU: 0 UID: 0 PID: 1708 Comm: python3 Not tainted 6.15.4-00114-g1f61ca5cad76 #1 PREEMPT\n[ 157.064369] Hardware name: imx8mp_board_01 (DT)\n[ 157.068205] pstate: 400000c5 (nZcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 157.075169] pc : mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi]\n[ 157.081195] lr : mxc_isi_pipe_irq_handler+0x38/0x1b0 [imx8_isi]\n[ 157.087126] sp : ffff800080003ee0\n[ 157.090438] x29: ffff800080003ee0 x28: ffff0000c3688000 x27: 0000000000000000\n[ 157.097580] x26: 0000000000000000 x25: ffff0000c1e7ac00 x24: ffff800081b5ad50\n[ 157.104723] x23: 00000000000000d1 x22: 0000000000000000 x21: ffff0000c25e4000\n[ 157.111866] x20: 0000000060000200 x19: ffff80007a0608d0 x18: 0000000000000000\n[ 157.119008] x17: ffff80006a4e3000 x16: ffff800080000000 x15: 0000000000000000\n[ 157.126146] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 157.133287] x11: 0000000000000040 x10: ffff0000c01445f0 x9 : ffff80007a053a38\n[ 157.140425] x8 : ffff0000c04004b8 x7 : 0000000000000000 x6 : 0000000000000000\n[ 157.147567] x5 : ffff0000c0400490 x4 : ffff80006a4e3000 x3 : ffff0000c25e4000\n[ 157.154706] x2 : 0000000000000000 x1 : ffff8000825c0014 x0 : 0000000060000200\n[ 157.161850] Call trace:\n[ 157.164296] mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi] (P)\n[ 157.170319] __handle_irq_event_percpu+0x58/0x218\n[ 157.175029] handle_irq_event+0x54/0xb8\n[ 157.178867] handle_fasteoi_irq+0xac/0x248\n[ 157.182968] handle_irq_desc+0x48/0x68\n[ 157.186723] generic_handle_domain_irq+0x24/0x38\n[ 157.191346] gic_handle_irq+0x54/0x120\n[ 157.195098] call_on_irq_stack+0x24/0x30\n[ 157.199027] do_interrupt_handler+0x88/0x98\n[ 157.203212] el0_interrupt+0x44/0xc0\n[ 157.206792] __el0_irq_handler_common+0x18/0x28\n[ 157.211328] el0t_64_irq_handler+0x10/0x20\n[ 157.215429] el0t_64_irq+0x198/0x1a0\n[ 157.219009] ---[ end trace 0000000000000000 ]---\n\nAddress this issue by moving the streaming preparation and cleanup to\nthe vb2 .prepare_streaming() and .unprepare_streaming() operations. This\nalso simplifies the driver by allowing direct usage of the\nvb2_ioctl_streamon() and vb2_ioctl_streamoff() helpers, and removal of\nthe manual cleanup from mxc_isi_video_release()."}], "id": "CVE-2025-68175", "lastModified": "2026-04-15T00:35:42.020", "metrics": {}, "published": "2025-12-16T14:15:49.433", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/029914306b93b37c6e7060793d2b6f76b935cfa6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/47773031a148ad7973b809cc7723cba77eda2b42"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a2008925ed7361d69f92f63f0a779c300432610a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Deferred"}

{"bugzilla": {"description": "kernel: media: nxp: imx8-isi: Fix streaming cleanup on release", "id": "2422666", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422666"}, "csaw": false, "details": ["No description is available for this CVE."], "name": "CVE-2025-68175", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-12-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-68175\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-68175\nhttps://lore.kernel.org/linux-cve-announce/2025121629-CVE-2025-68175-d545@gregkh/T"]}

{"analysis": {"en": {"generated_at": "2026-04-28T10:11:16.125417+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a release that includes the imx8\u2011isi driver fix described in the commit series provided in the advisory.", "Ensure that no tool or script performs a device release or queries device capabilities while an ISI stream is active. If such actions are required, pause the stream before initiating the release operation.", "Continuously monitor kernel logs for \"imx8_isi\" errors or warnings and verify that the crash has been resolved after the kernel update."], "summary": {"action": "Apply Kernel Patch", "impact": "Denial of Service via kernel crash"}, "threat_synthesis": {"affected_systems": "The affected product is the Linux kernel used on i.MX8MP boards and any other systems that load the driver from the nxp:imx8-isi media subsystem. The Vendor list lists only Linux; specific version information is not provided in the advisory, but the fix is present in kernel revisions that incorporate the change described in the commit series referenced in the CVE references.", "description_and_impact": "A bug in the Linux kernel driver for the i.MX8ISi platform causes the driver to unconditionally purge the streaming queue when the device is released. The flaw can be triggered by simple commands such as \"v4l2-ctl -l\" issued during an active stream, leading to a kernel oops. The impact is a local denial of service because the kernel panic destroys integrity and availability of the full system, but it does not compromise confidentiality or expose data. The weakness is a failure to perform proper resource cleanup, which is reflected in the typical CWE category for improper resource management.", "risk_and_exploitability": "The EPSS score is below 1\u202f%, indicating that exploitation is unlikely in the wild, and the vulnerability is not listed in the CISA KEV catalog. Nonetheless, anyone who streams media with the imx8-isi driver and meanwhile queries the device\u2019s capabilities or otherwise releases the device will experience a local denial of service. The attack vector is local via normal user commands; no network exposure is required."}}}}, "created": "2026-04-28T10:15:28.857636+00:00", "updated": "2026-04-28T10:15:28.857649+00:00", "vendors": [], "weaknesses": ["CWE-404", "CWE-773"]}