CVE-2025-22028

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-22028
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22028.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-22028
Downstream
Related
Published
2025-04-16T14:11:48.913Z
Modified
2026-05-07T04:16:25.347839Z
Summary
media: vimc: skip .s_stream() for stopped entities
Details

In the Linux kernel, the following vulnerability has been resolved:

media: vimc: skip .s_stream() for stopped entities

Syzbot reported [1] a warning prompted by a check in callsstream() that checks whether .s_stream() operation is warranted for unstarted or stopped subdevs.

Add a simple fix in vimcstreamerpipelineterminate() ensuring that entities skip a call to .sstream() unless they have been previously properly started.

[1] Syzbot report: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 5933 at drivers/media/v4l2-core/v4l2-subdev.c:460 callsstream+0x2df/0x350 drivers/media/v4l2-core/v4l2-subdev.c:460 Modules linked in: CPU: 0 UID: 0 PID: 5933 Comm: syz-executor330 Not tainted 6.13.0-rc2-syzkaller-00362-g2d8308bf5b67 #0 ... Call Trace: <TASK> vimcstreamerpipelineterminate+0x218/0x320 drivers/media/test-drivers/vimc/vimc-streamer.c:62 vimcstreamerpipelineinit drivers/media/test-drivers/vimc/vimc-streamer.c:101 [inline] vimcstreamersstream+0x650/0x9a0 drivers/media/test-drivers/vimc/vimc-streamer.c:203 vimccapturestartstreaming+0xa1/0x130 drivers/media/test-drivers/vimc/vimc-capture.c:256 vb2startstreaming+0x15f/0x5a0 drivers/media/common/videobuf2/videobuf2-core.c:1789 vb2corestreamon+0x2a7/0x450 drivers/media/common/videobuf2/videobuf2-core.c:2348 vb2streamon drivers/media/common/videobuf2/videobuf2-v4l2.c:875 [inline] vb2ioctl_streamon+0xf4/0x170 drivers/media/common/videobuf2/videobuf2-v4l2.c:1118 __videodoioctl+0xaf0/0xf00 drivers/media/v4l2-core/v4l2-ioctl.c:3122 videousercopy+0x4d2/0x1620 drivers/media/v4l2-core/v4l2-ioctl.c:3463 v4l2ioctl+0x1ba/0x250 drivers/media/v4l2-core/v4l2-dev.c:366 vfs_ioctl fs/ioctl.c:51 [inline] __dosysioctl fs/ioctl.c:906 [inline] __sesysioctl fs/ioctl.c:892 [inline] __x64sysioctl+0x190/0x200 fs/ioctl.c:892 dosyscallx64 arch/x86/entry/common.c:52 [inline] dosyscall64+0xcd/0x250 arch/x86/entry/common.c:83 entrySYSCALL64afterhwframe+0x77/0x7f RIP: 0033:0x7f2b85c01b19 ...

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/22xxx/CVE-2025-22028.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
adc589d2a20808fb99d46a78175cd023f2040338
Fixed
a505075730d23ccc19fc4ac382a0ed73b630c057
Fixed
845e9286ff99ee88cfdeb2b748f730003a512190
Fixed
6f6064dab4dcfb7e34a395040a0c9dc22cc8765d
Fixed
7a58d4c4cf8ff60ab1f93399deefaf6057da91c7
Fixed
36cef585e2a31e4ddf33a004b0584a7a572246de
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
77fbb561bb09f56877dd84318212da393909975f
Last affected
73236bf581e96eb48808fea522351ed81e24c9cc
Last affected
e7ae48ae47227c0302b9f4b15a5bf45934a55673

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22028.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.1.0
Fixed
6.6.89
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.23
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.13.11
Type
ECOSYSTEM
Events
Introduced
6.14.0
Fixed
6.14.2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22028.json"