{"id":"CVE-2025-40165","summary":"media: nxp: imx8-isi: m2m: Fix streaming cleanup on release","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: nxp: imx8-isi: m2m: Fix streaming cleanup on release\n\nIf streamon/streamoff calls are imbalanced, such as when exiting an\napplication with Ctrl+C when streaming, the m2m usage_count will never\nreach zero and the ISI channel won't be freed. Besides from that, if the\ninput line width is more than 2K, it will trigger a WARN_ON():\n\n[ 59.222120] ------------[ cut here ]------------\n[ 59.226758] WARNING: drivers/media/platform/nxp/imx8-isi/imx8-isi-hw.c:631 at mxc_isi_channel_chain+0xa4/0x120, CPU#4: v4l2-ctl/654\n[ 59.238569] Modules linked in: ap1302\n[ 59.242231] CPU: 4 UID: 0 PID: 654 Comm: v4l2-ctl Not tainted 6.16.0-rc4-next-20250704-06511-gff0e002d480a-dirty #258 PREEMPT\n[ 59.253597] Hardware name: NXP i.MX95 15X15 board (DT)\n[ 59.258720] pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 59.265669] pc : mxc_isi_channel_chain+0xa4/0x120\n[ 59.270358] lr : mxc_isi_channel_chain+0x44/0x120\n[ 59.275047] sp : ffff8000848c3b40\n[ 59.278348] x29: ffff8000848c3b40 x28: ffff0000859b4c98 x27: ffff800081939f00\n[ 59.285472] x26: 000000000000000a x25: ffff0000859b4cb8 x24: 0000000000000001\n[ 59.292597] x23: ffff0000816f4760 x22: ffff0000816f4258 x21: ffff000084ceb780\n[ 59.299720] x20: ffff000084342ff8 x19: ffff000084340000 x18: 0000000000000000\n[ 59.306845] x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffdb369e1c\n[ 59.313969] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 59.321093] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n[ 59.328217] x8 : ffff8000848c3d48 x7 : ffff800081930b30 x6 : ffff800081930b30\n[ 59.335340] x5 : ffff0000859b6000 x4 : ffff80008193ae80 x3 : ffff800081022420\n[ 59.342464] x2 : ffff0000852f6900 x1 : 0000000000000001 x0 : ffff000084341000\n[ 59.349590] Call trace:\n[ 59.352025]  mxc_isi_channel_chain+0xa4/0x120 (P)\n[ 59.356722]  mxc_isi_m2m_streamon+0x160/0x20c\n[ 59.361072]  v4l_streamon+0x24/0x30\n[ 59.364556]  __video_do_ioctl+0x40c/0x4a0\n[ 59.368560]  video_usercopy+0x2bc/0x690\n[ 59.372382]  video_ioctl2+0x18/0x24\n[ 59.375857]  v4l2_ioctl+0x40/0x60\n[ 59.379168]  __arm64_sys_ioctl+0xac/0x104\n[ 59.383172]  invoke_syscall+0x48/0x104\n[ 59.386916]  el0_svc_common.constprop.0+0xc0/0xe0\n[ 59.391613]  do_el0_svc+0x1c/0x28\n[ 59.394915]  el0_svc+0x34/0xf4\n[ 59.397966]  el0t_64_sync_handler+0xa0/0xe4\n[ 59.402143]  el0t_64_sync+0x198/0x19c\n[ 59.405801] ---[ end trace 0000000000000000 ]---\n\nAddress this issue by moving the streaming preparation and cleanup to\nthe vb2 .prepare_streaming() and .unprepare_streaming() operations. This\nalso simplifies the driver by allowing direct usage of the\nv4l2_m2m_ioctl_streamon() and v4l2_m2m_ioctl_streamoff() helpers.","modified":"2026-03-20T12:43:12.102108Z","published":"2025-11-12T10:26:23.806Z","related":["SUSE-SU-2026:20012-1","SUSE-SU-2026:20015-1","SUSE-SU-2026:20021-1","openSUSE-SU-2025:20172-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40165.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/178aa3360220231dd91e7dbc2eb984525886c9c1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/50c721be2cff2bf8c9a5f1f4add35c2bbb1df302"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b0d438c7b43314f9128e0dda5f83789e593e684a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e8b5f4d80775835cf8192d65138e9be1ff202847"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40165.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40165"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"cf21f328fcafacf4f96e7a30ef9dceede1076378"},{"fixed":"50c721be2cff2bf8c9a5f1f4add35c2bbb1df302"},{"fixed":"e8b5f4d80775835cf8192d65138e9be1ff202847"},{"fixed":"b0d438c7b43314f9128e0dda5f83789e593e684a"},{"fixed":"178aa3360220231dd91e7dbc2eb984525886c9c1"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40165.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.4.0"},{"fixed":"6.6.114"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.55"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.17.5"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40165.json"}}],"schema_version":"1.7.5"}