CVE-2025-40017
Description
In the Linux kernel, the following vulnerability has been resolved:
media: iris: Fix memory leak by freeing untracked persist buffer
One internal buffer which is allocated only once per session was not being freed during session close because it was not being tracked as part of internal buffer list which resulted in a memory leak.
Add the necessary logic to explicitly free the untracked internal buffer during session close to ensure all allocated memory is released properly.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's iris media driver, a memory leak occurs because an internal buffer allocated once per session is not freed during session close, leading to unreleased memory.
Vulnerability Description
CVE-2025-40017 describes a memory leak in the Linux kernel's media subsystem, specifically in the iris driver. The root cause is that an internal buffer, allocated only once per session, was not tracked as part of the internal buffer list. Consequently, during session close, this buffer was never freed, resulting in a gradual memory leak over time.
Attack Surface and Exploitation
The vulnerability is triggered through normal session lifecycle operations—opening and closing sessions on the iris device. An attacker with local access to the system can exploit this by repeatedly creating and destroying sessions, causing the untracked buffer to accumulate without release. No special privileges are required beyond the ability to interact with the media device, making it accessible to unprivileged users or malicious processes.
Impact
Successful exploitation leads to progressive memory exhaustion, potentially causing system instability or denial of service. As the leaked memory is not freed, the system may eventually run out of available memory, impacting other processes and overall system performance.
Mitigation
The issue has been addressed in the Linux kernel stable tree. The fix adds explicit deallocation of the untracked buffer during session close. Multiple stable branches have incorporated the patch, as seen in commits [1], [2], and [3]. Users are advised to update their kernels to the latest stable release containing these commits.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
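The leak and its fix, modeled in user-space C as an added example: this is not the iris driver's code or the upstream patch, and every name in it (`struct session`, `session_open`, `session_close`, the `fixed` flag, the buffer sizes) is hypothetical. It counts outstanding allocations across repeated open/close cycles, with close walking only the tracked list versus also freeing the untracked per-session buffer.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical user-space model of the leak; not the iris driver's code. */
static int live_allocs;  /* allocations not yet freed */
static void *counted_alloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void counted_free(void *p) { if (p) { live_allocs--; free(p); } }
struct buf { struct buf *next; char data[1024]; };
struct session {
    struct buf *internal_list;  /* buffers tracked on the internal list */
    void *persist;              /* allocated once per session, not on the list */
};

static int session_open(struct session *s, int nbufs) {
    s->internal_list = NULL;
    s->persist = counted_alloc(4096);
    if (!s->persist) return -1;
    for (int i = 0; i < nbufs; i++) {
        struct buf *b = counted_alloc(sizeof(*b));
        if (!b) return -1;
        b->next = s->internal_list;
        s->internal_list = b;
    }
    return 0;
}

/* fixed == 0 models close before the fix: only the tracked list is walked. */
static void session_close(struct session *s, int fixed) {
    while (s->internal_list) {
        struct buf *b = s->internal_list;
        s->internal_list = b->next;
        counted_free(b);
    }
    if (fixed) counted_free(s->persist);  /* the fix: free the untracked buffer */
}

/* Allocations still outstanding after `cycles` open/close pairs. */
static int leaked_after(int cycles, int fixed) {
    int before = live_allocs;
    for (int i = 0; i < cycles; i++) {
        struct session s;
        if (session_open(&s, 3) != 0) { session_close(&s, 1); break; }
        session_close(&s, fixed);
    }
    return live_allocs - before;
}

int main(void) {
    printf("leaked before fix: %d, after fix: %d\n", leaked_after(100, 0), leaked_after(100, 1));
    return 0;
}
```

The same accounting approach, a counter of outstanding allocations checked after a full open/close cycle, works as a regression test for any teardown path that relies on list membership to find what to free.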