CVE-2025-71140Linux vulnerability

14 documents7 sources
Severity
6.4MEDIUM
No vector
EPSS
0.0%
top 92.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
LinuxLinux KernelDebian Linux+10 more
Timeline
PublishedJan 14
Latest updateApr 17

Description

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Use spinlock for context list protection lock Previously a mutex was added to protect the encoder and decoder context lists from unexpected changes originating from the SCP IP block, causing the context pointer to go invalid, resulting in a NULL pointer dereference in the IPI handler. Turns out on the MT8173, the VPU IPI handler is called from hard IRQ context. This causes a big warning from the sched

Affected Packages14 packages

Linuxlinux/linux_kernel6.7.06.12.64+2
Debianlinux/linux_kernel< 6.12.69-1+1
CVEListV5linux/linux0a2dc707aa42214f9c4827bd57e344e29a0841d62c1ea6214827041f548279c9eda341eda0cc8351+7
debiandebian/linux< linux 6.18.5-1 (forky)

🔴Vulnerability Details

3
GHSA
GHSA-fmmj-6v74-3cm2: In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Use spinlock for context list protection lock Previousl2026-01-14
OSV
CVE-2025-71140: In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Use spinlock for context list protection lock Previously2026-01-14
OSV
media: mediatek: vcodec: Use spinlock for context list protection lock2026-01-14

📋Vendor Advisories

9
Ubuntu
Linux kernel (GCP) vulnerabilities2026-04-17
Ubuntu
Linux kernel (FIPS) vulnerabilities2026-04-17
Ubuntu
Linux kernel (Real-time) vulnerabilities2026-04-17
Ubuntu
Linux kernel (Real-time) vulnerabilities2026-04-17
Ubuntu
Linux kernel (NVIDIA) vulnerabilities2026-04-17

🕵️Threat Intelligence

1
Wiz
CVE-2025-71140 Impact, Exploitability, and Mitigation Steps | Wiz