CVE-2025-40207

Vulnerability

The v4l2_subdev_call_state_try() macro in the Linux kernel's V4L2 sub-device framework allocates a sub-device state using __v4l2_subdev_state_alloc() but does not check the returned value. If the allocation fails, the function returns an ERR_PTR, and using it without validation leads to a kernel crash [1].

Exploitation

An attacker who can trigger memory allocation failure (e.g., by exhausting available memory) and invoke a code path that uses this macro can cause the kernel to dereference an invalid pointer. This may be achievable from user space through video device operations that rely on sub-device state handling, though no specific privileges are mentioned.

Impact

Successful exploitation results in a denial of service (kernel crash). No privilege escalation or data corruption beyond the crash has been indicated.

Mitigation

The fix adds proper error handling: if __v4l2_subdev_state_alloc() fails, the macro now returns an error code. The patch has been applied to multiple stable kernel branches [1][2][3][4], and system administrators should update their kernel to a patched version.