CVE-2025-39714
Description
In the Linux kernel, the following vulnerability has been resolved:
media: usbtv: Lock resolution while streaming
When a program is streaming (ffplay) and another program (qv4l2) changes the TV standard from NTSC to PAL, the kernel crashes due to trying to copy to unmapped memory.
Changing from NTSC to PAL increases the resolution in the usbtv struct, but the video plane buffer isn't adjusted, so it overflows.
[hverkuil: call vb2_is_busy instead of vb2_is_streaming]
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A race condition in the Linux kernel's usbtv driver allows a crash when the TV standard is changed during streaming, due to an unadjusted video buffer.
In the Linux kernel's usbtv media driver, a race condition exists when the TV standard is changed while streaming is active. Changing from NTSC to PAL increases the resolution stored in the usbtv struct, but the video plane buffer is not correspondingly adjusted, leading to a buffer overflow when copying data to unmapped memory [2][3][4].
An attacker with local access can trigger this by having one program streaming (e.g., ffplay) while another program (e.g., qv4l2) changes the TV standard. No special privileges beyond the ability to access the video device are required, but the attack requires two concurrent processes interacting with the same usbtv device.
The overflow causes a kernel crash (denial of service). The vulnerability does not appear to allow privilege escalation or code execution based on the description.
The fix adds proper locking and uses vb2_is_busy to prevent resolution changes while the buffer is in use. Patches have been applied to the Linux kernel stable branches [2][3][4]. Users should update to a patched kernel version.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
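The mismatch described above, as an added userspace model (not code from the usbtv driver or from this CVE record). All names are hypothetical, and the 720-pixel width, 480/576 line heights and 2 bytes per pixel are assumptions chosen to stand for NTSC and PAL frames; the `busy` flag stands in for what `vb2_is_busy` reports.

```c
#include <errno.h>
#include <stdio.h>

/* Userspace model only; struct and function names are hypothetical. */
struct capture_dev {
    unsigned width, height;  /* resolution the copy path will use */
    size_t plane_size;       /* bytes reserved when buffers were set up */
    int busy;                /* stands in for vb2_is_busy() being true */
};

static size_t frame_bytes(const struct capture_dev *d)
{
    return (size_t)d->width * d->height * 2;  /* 2 bytes/pixel assumed */
}

/* Buffers are sized from the resolution in force at setup time. */
static void setup_buffers(struct capture_dev *d, unsigned height)
{
    d->width = 720;
    d->height = height;
    d->plane_size = frame_bytes(d);
    d->busy = 1;
}

/* Before: the resolution changes although buffers already exist. */
static int set_height_unchecked(struct capture_dev *d, unsigned height)
{
    d->height = height;
    return 0;
}

/* After: the resolution is locked while buffers are in use. */
static int set_height_locked(struct capture_dev *d, unsigned height)
{
    if (d->busy)
        return -EBUSY;
    d->height = height;
    return 0;
}

/* Bytes a full-frame copy would write past the plane (0 means it fits). */
static size_t copy_overrun(const struct capture_dev *d)
{
    size_t need = frame_bytes(d);
    return need > d->plane_size ? need - d->plane_size : 0;
}

int main(void)
{
    struct capture_dev d;
    setup_buffers(&d, 480);                       /* NTSC-sized plane */
    printf("locked rc=%d\n", set_height_locked(&d, 576));
    set_height_unchecked(&d, 576);                /* PAL height, old plane */
    printf("overrun=%zu bytes\n", copy_overrun(&d));
    return 0;
}
```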
Affected products
- Linux/Linux, v5, Range: 3.14
Patches
No patches discovered yet.
References
- git.kernel.org/stable/c/3d83d0b5ae5045a7a246ed116b5f6c688a12f9e9 (nvd, Patch)
- git.kernel.org/stable/c/5427dda195d6baf23028196fd55a0c90f66ffa61 (nvd, Patch)
- git.kernel.org/stable/c/7e40e0bb778907b2441bff68d73c3eb6b6cd319f (nvd, Patch)
- git.kernel.org/stable/c/9f886d21e235c4bd038cb20f6696084304197ab3 (nvd, Patch)
- git.kernel.org/stable/c/c35e7c7a004ef379a1ae7c7486d4829419acad1d (nvd, Patch)
- git.kernel.org/stable/c/c3d75524e10021aa5c223d94da4996640aed46c0 (nvd, Patch)
- git.kernel.org/stable/c/ee7bade8b9244834229b12b6e1e724939bedd484 (nvd, Patch)
- git.kernel.org/stable/c/ef9b3c22405192afaa279077ddd45a51db90b83d (nvd, Patch)
- lists.debian.org/debian-lts-announce/2025/10/msg00007.html (nvd, Mailing List, Third Party Advisory)
- lists.debian.org/debian-lts-announce/2025/10/msg00008.html (nvd, Mailing List, Third Party Advisory)
- cert-portal.siemens.com/productcert/html/ssa-032379.html (nvd)
News mentions
- Siemens SIMATIC (CISA ICS Advisories)