CVE & CISA-KEV Catalog

CVE-2025-40016

MEDIUM
6.2
CVSS v3
NVD

Description

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. ``` Each Unit and Terminal within the video function is assigned a unique identification number, the Unit ID (UID) or Terminal ID (TID), contained in the bUnitID or bTerminalID field of the descriptor. The value 0x00 is reserved for undefined ID, ``` If we add a new entity with id 0 or a duplicated ID, it will be marked as UVC_INVALID_ENTITY_ID. In a previous attempt commit 3dd075fe8ebb ("media: uvcvideo: Require entities to have a non-zero unique ID"), we ignored all the invalid units, this broke a lot of non-compatible cameras. Hopefully we are more lucky this time. This also prevents some syzkaller reproducers from triggering warnings due to a chain of entities referring to themselves. In one particular case, an Output Unit is connected to an Input Unit, both with the same ID of 1. But when looking up for the source ID of the Output Unit, that same entity is found instead of the input entity, which leads to such warnings. In another case, a backward chain was considered finished as the source ID was 0. Later on, that entity was found, but its pads were not valid. Here is a sample stack trace for one of those cases. [ 20.650953] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 20.830206] usb 1-1: Using ep0 maxpacket: 8 [ 20.833501] usb 1-1: config 0 descriptor?? [ 21.038518] usb 1-1: string descriptor 0 read error: -71 [ 21.038893] usb 1-1: Found UVC 0.00 device <unnamed> (2833:0201) [ 21.039299] uvcvideo 1-1:0.0: Entity type for entity Output 1 was not initialized! [ 21.041583] uvcvideo 1-1:0.0: Entity type for entity Input 1 was not initialized! [ 21.042218] ------------[ cut here ]------------ [ 21.042536] WARNING: CPU: 0 PID: 9 at drivers/media/mc/mc-entity.c:1147 media_create_pad_link+0x2c4/0x2e0 [ 21.043195] Modules linked in: [ 21.043535] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.11.0-rc7-00030-g3480e43aeccf #444 [ 21.044101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 [ 21.044639] Workqueue: usb_hub_wq hub_event [ 21.045100] RIP: 0010:media_create_pad_link+0x2c4/0x2e0 [ 21.045508] Code: fe e8 20 01 00 00 b8 f4 ff ff ff 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 0f 0b eb e9 0f 0b eb 0a 0f 0b eb 06 <0f> 0b eb 02 0f 0b b8 ea ff ff ff eb d4 66 2e 0f 1f 84 00 00 00 00 [ 21.046801] RSP: 0018:ffffc9000004b318 EFLAGS: 00010246 [ 21.047227] RAX: ffff888004e5d458 RBX: 0000000000000000 RCX: ffffffff818fccf1 [ 21.047719] RDX: 000000000000007b RSI: 0000000000000000 RDI: ffff888004313290 [ 21.048241] RBP: ffff888004313290 R08: 0001ffffffffffff R09: 0000000000000000 [ 21.048701] R10: 0000000000000013 R11: 0001888004313290 R12: 0000000000000003 [ 21.049138] R13: ffff888004313080 R14: ffff888004313080 R15: 0000000000000000 [ 21.049648] FS: 0000000000000000(0000) GS:ffff88803ec00000(0000) knlGS:0000000000000000 [ 21.050271] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 21.050688] CR2: 0000592cc27635b0 CR3: 000000000431c000 CR4: 0000000000750ef0 [ 21.051136] PKRU: 55555554 [ 21.051331] Call Trace: [ 21.051480] <TASK> [ 21.051611] ? __warn+0xc4/0x210 [ 21.051861] ? media_create_pad_link+0x2c4/0x2e0 [ 21.052252] ? report_bug+0x11b/0x1a0 [ 21.052540] ? trace_hardirqs_on+0x31/0x40 [ 21.052901] ? handle_bug+0x3d/0x70 [ 21.053197] ? exc_invalid_op+0x1a/0x50 [ 21.053511] ? asm_exc_invalid_op+0x1a/0x20 [ 21.053924] ? media_create_pad_link+0x91/0x2e0 [ 21.054364] ? media_create_pad_link+0x2c4/0x2e0 [ 21.054834] ? media_create_pad_link+0x91/0x2e0 [ 21.055131] ? _raw_spin_unlock+0x1e/0x40 [ 21.055441] ? __v4l2_device_register_subdev+0x202/0x210 [ 21.055837] uvc_mc_register_entities+0x358/0x400 [ 21.056144] uvc_register_chains+0x1 ---truncated---

How to fix

Remediation Available
linuxDebian
Fixed in:6.1.170-1CVE-2025-40016
Fixed in:6.12.57-1CVE-2025-40016
Fixed in:6.16.11-1CVE-2025-40016
linuxUbuntu
Fixed in:6.8.0-106.106USN-8095-1
linux-awsUbuntu
Fixed in:6.8.0-1050.53USN-8095-1
linux-aws-6.8Ubuntu
Fixed in:6.8.0-1050.53~22.04.1USN-8095-4
linux-aws-fipsUbuntu
Fixed in:6.8.0-1050.53+fips1USN-8095-2
linux-azureUbuntu
Fixed in:6.8.0-1051.57USN-8125-1
linux-azure-6.8Ubuntu
Fixed in:6.8.0-1051.57~22.04.1USN-8126-1
linux-azure-fipsUbuntu
Fixed in:6.8.0-1052.58+fips1USN-8165-1
linux-fipsUbuntu
Fixed in:6.8.0-106.106+fips1USN-8095-2
linux-gcpUbuntu
Fixed in:6.8.0-1052.55USN-8095-1
linux-gcp-6.8Ubuntu
Fixed in:6.8.0-1052.55~22.04.1USN-8095-1
linux-gcp-fipsUbuntu
Fixed in:6.8.0-1052.55+fips1USN-8095-2
linux-gkeUbuntu
Fixed in:6.8.0-1048.53USN-8095-1
linux-gkeopUbuntu
Fixed in:6.8.0-1035.38USN-8095-1
linux-hwe-6.8Ubuntu
Fixed in:6.8.0-106.106~22.04.1USN-8095-1
linux-ibmUbuntu
Fixed in:6.8.0-1049.49USN-8095-1
linux-ibm-6.8Ubuntu
Fixed in:6.8.0-1049.49~22.04.1USN-8095-1
linux-image-6.8.0-1029-xilinxUbuntu
Fixed in:6.8.0-1029.30USN-8261-1
linux-image-6.8.0-1035-gkeopUbuntu
Fixed in:6.8.0-1035.38USN-8095-1
linux-image-6.8.0-1047-oracleUbuntu
Fixed in:6.8.0-1047.48~22.04.1USN-8095-1
Fixed in:6.8.0-1047.48USN-8095-1
linux-image-6.8.0-1047-oracle-64kUbuntu
Fixed in:6.8.0-1047.48~22.04.1USN-8095-1
Fixed in:6.8.0-1047.48USN-8095-1
linux-image-6.8.0-1048-gkeUbuntu
Fixed in:6.8.0-1048.53USN-8095-1
linux-image-6.8.0-1048-gke-64kUbuntu
Fixed in:6.8.0-1048.53USN-8095-1
linux-image-6.8.0-1049-ibmUbuntu
Fixed in:6.8.0-1049.49~22.04.1USN-8095-1
Fixed in:6.8.0-1049.49USN-8095-1
linux-image-6.8.0-1049-nvidiaUbuntu
Fixed in:6.8.0-1049.52~22.04.1USN-8100-1
Fixed in:6.8.0-1049.52USN-8100-1
linux-image-6.8.0-1049-nvidia-64kUbuntu
Fixed in:6.8.0-1049.52~22.04.1USN-8100-1
Fixed in:6.8.0-1049.52USN-8100-1
linux-image-6.8.0-1049-nvidia-lowlatencyUbuntu
Fixed in:6.8.0-1049.52.1USN-8100-1
linux-image-6.8.0-1049-nvidia-lowlatency-64kUbuntu
Fixed in:6.8.0-1049.52.1USN-8100-1
linux-image-6.8.0-1050-awsUbuntu
Fixed in:6.8.0-1050.53~22.04.1USN-8095-4
Fixed in:6.8.0-1050.53USN-8095-1
linux-image-6.8.0-1050-aws-64kUbuntu
Fixed in:6.8.0-1050.53~22.04.1USN-8095-4
Fixed in:6.8.0-1050.53USN-8095-1
linux-image-6.8.0-1050-aws-fipsUbuntu
Fixed in:6.8.0-1050.53+fips1USN-8095-2
linux-image-6.8.0-1050-raspiUbuntu
Fixed in:6.8.0-1050.54USN-8095-5
linux-image-6.8.0-1051-azureUbuntu
Fixed in:6.8.0-1051.57~22.04.1USN-8126-1
Fixed in:6.8.0-1051.57USN-8125-1
linux-image-6.8.0-1052-azure-fipsUbuntu
Fixed in:6.8.0-1052.58+fips1USN-8165-1
linux-image-6.8.0-1052-gcpUbuntu
Fixed in:6.8.0-1052.55~22.04.1USN-8095-1
Fixed in:6.8.0-1052.55USN-8095-1
linux-image-6.8.0-1052-gcp-64kUbuntu
Fixed in:6.8.0-1052.55~22.04.1USN-8095-1
Fixed in:6.8.0-1052.55USN-8095-1
linux-image-6.8.0-1052-gcp-fipsUbuntu
Fixed in:6.8.0-1052.55+fips1USN-8095-2
linux-image-6.8.0-106-fipsUbuntu
Fixed in:6.8.0-106.106+fips1USN-8095-2
linux-image-6.8.0-106-genericUbuntu
Fixed in:6.8.0-106.106~22.04.1USN-8095-1
Fixed in:6.8.0-106.106USN-8095-1
linux-image-6.8.0-106-generic-64kUbuntu
Fixed in:6.8.0-106.106~22.04.1USN-8095-1
Fixed in:6.8.0-106.106USN-8095-1
linux-image-6.8.0-106-lowlatencyUbuntu
Fixed in:6.8.0-106.106.1~22.04.1USN-8095-1
Fixed in:6.8.0-106.106.1USN-8095-1
linux-image-6.8.0-106-lowlatency-64kUbuntu
Fixed in:6.8.0-106.106.1~22.04.1USN-8095-1
Fixed in:6.8.0-106.106.1USN-8095-1
linux-image-6.8.0-2040-raspi-realtimeUbuntu
Fixed in:6.8.0-2040.41USN-8095-5
linux-image-6.8.1-1045-realtimeUbuntu
Fixed in:6.8.1-1045.46~22.04.1USN-8095-3
Fixed in:6.8.1-1045.46USN-8095-3
linux-image-awsUbuntu
Fixed in:6.8.0-1050.53~22.04.1USN-8095-4
linux-image-aws-6.8Ubuntu
Fixed in:6.8.0-1050.53~22.04.1USN-8095-4
Fixed in:6.8.0-1050.53USN-8095-1
linux-image-aws-64kUbuntu
Fixed in:6.8.0-1050.53~22.04.1USN-8095-4
linux-image-aws-64k-6.8Ubuntu
Fixed in:6.8.0-1050.53~22.04.1USN-8095-4
Fixed in:6.8.0-1050.53USN-8095-1
linux-image-aws-64k-lts-24.04Ubuntu
Fixed in:6.8.0-1050.53USN-8095-1
linux-image-aws-fipsUbuntu
Fixed in:6.8.0-1050.53+fips1USN-8095-2
linux-image-aws-fips-6.8Ubuntu
Fixed in:6.8.0-1050.53+fips1USN-8095-2
linux-image-aws-lts-24.04Ubuntu
Fixed in:6.8.0-1050.53USN-8095-1
linux-image-azureUbuntu
Fixed in:6.8.0-1051.57~22.04.1USN-8126-1
linux-image-azure-6.8Ubuntu
Fixed in:6.8.0-1051.57~22.04.1USN-8126-1
Fixed in:6.8.0-1051.57USN-8125-1
linux-image-azure-fipsUbuntu
Fixed in:6.8.0-1052.58+fips1USN-8165-1
linux-image-azure-fips-6.8Ubuntu
Fixed in:6.8.0-1052.58+fips1USN-8165-1
linux-image-azure-lts-24.04Ubuntu
Fixed in:6.8.0-1051.57USN-8125-1
linux-image-fipsUbuntu
Fixed in:6.8.0-106.106+fips1USN-8095-2
linux-image-fips-6.8Ubuntu
Fixed in:6.8.0-106.106+fips1USN-8095-2
linux-image-gcpUbuntu
Fixed in:6.8.0-1052.55~22.04.1USN-8095-1
linux-image-gcp-6.8Ubuntu
Fixed in:6.8.0-1052.55~22.04.1USN-8095-1
Fixed in:6.8.0-1052.55USN-8095-1
linux-image-gcp-64kUbuntu
Fixed in:6.8.0-1052.55~22.04.1USN-8095-1
linux-image-gcp-64k-6.8Ubuntu
Fixed in:6.8.0-1052.55~22.04.1USN-8095-1
Fixed in:6.8.0-1052.55USN-8095-1
linux-image-gcp-64k-lts-24.04Ubuntu
Fixed in:6.8.0-1052.55USN-8095-1
linux-image-gcp-fipsUbuntu
Fixed in:6.8.0-1052.55+fips1USN-8095-2
linux-image-gcp-fips-6.8Ubuntu
Fixed in:6.8.0-1052.55+fips1USN-8095-2
linux-image-gcp-lts-24.04Ubuntu
Fixed in:6.8.0-1052.55USN-8095-1
linux-image-genericUbuntu
Fixed in:6.8.0-106.106USN-8095-1
linux-image-generic-6.8Ubuntu
Fixed in:6.8.0-106.106~22.04.1USN-8095-1
Fixed in:6.8.0-106.106USN-8095-1
linux-image-generic-64kUbuntu
Fixed in:6.8.0-106.106USN-8095-1
linux-image-generic-64k-6.8Ubuntu
Fixed in:6.8.0-106.106~22.04.1USN-8095-1
Fixed in:6.8.0-106.106USN-8095-1
linux-image-generic-64k-hwe-22.04Ubuntu
Fixed in:6.8.0-106.106~22.04.1USN-8095-1
linux-image-generic-hwe-22.04Ubuntu
Fixed in:6.8.0-106.106~22.04.1USN-8095-1
linux-image-generic-lpaeUbuntu
Fixed in:6.8.0-106.106USN-8095-1
linux-image-gkeUbuntu
Fixed in:6.8.0-1048.53USN-8095-1
linux-image-gke-6.8Ubuntu
Fixed in:6.8.0-1048.53USN-8095-1
linux-image-gke-64kUbuntu
Fixed in:6.8.0-1048.53USN-8095-1
linux-image-gke-64k-6.8Ubuntu
Fixed in:6.8.0-1048.53USN-8095-1
linux-image-gkeopUbuntu
Fixed in:6.8.0-1035.38USN-8095-1
linux-image-gkeop-6.8Ubuntu
Fixed in:6.8.0-1035.38USN-8095-1
linux-image-ibmUbuntu
Fixed in:6.8.0-1049.49USN-8095-1
linux-image-ibm-6.8Ubuntu
Fixed in:6.8.0-1049.49~22.04.1USN-8095-1
Fixed in:6.8.0-1049.49USN-8095-1
linux-image-ibm-classicUbuntu
Fixed in:6.8.0-1049.49USN-8095-1
linux-image-ibm-lts-24.04Ubuntu
Fixed in:6.8.0-1049.49USN-8095-1
linux-image-intel-iot-realtimeUbuntu
Fixed in:6.8.1-1045.46USN-8095-3
linux-image-intel-iotgUbuntu
Fixed in:6.8.0-106.106USN-8095-1
linux-image-kvmUbuntu
Fixed in:6.8.0-106.106USN-8095-1
linux-image-lowlatencyUbuntu
Fixed in:6.8.0-106.106.1USN-8095-1
linux-image-lowlatency-6.8Ubuntu
Fixed in:6.8.0-106.106.1~22.04.1USN-8095-1
Fixed in:6.8.0-106.106.1USN-8095-1
linux-image-lowlatency-64kUbuntu
Fixed in:6.8.0-106.106.1USN-8095-1
linux-image-lowlatency-64k-6.8Ubuntu
Fixed in:6.8.0-106.106.1~22.04.1USN-8095-1
Fixed in:6.8.0-106.106.1USN-8095-1
linux-image-lowlatency-64k-hwe-22.04Ubuntu
Fixed in:6.8.0-106.106.1~22.04.1USN-8095-1
linux-image-lowlatency-hwe-22.04Ubuntu
Fixed in:6.8.0-106.106.1~22.04.1USN-8095-1
linux-image-nvidiaUbuntu
Fixed in:6.8.0-1049.52USN-8100-1
linux-image-nvidia-6.8Ubuntu
Fixed in:6.8.0-1049.52~22.04.1USN-8100-1
Fixed in:6.8.0-1049.52USN-8100-1
linux-image-nvidia-64kUbuntu
Fixed in:6.8.0-1049.52USN-8100-1
linux-image-nvidia-64k-6.8Ubuntu
Fixed in:6.8.0-1049.52~22.04.1USN-8100-1
Fixed in:6.8.0-1049.52USN-8100-1
linux-image-nvidia-64k-hwe-22.04Ubuntu
Fixed in:6.8.0-1049.52~22.04.1USN-8100-1
linux-image-nvidia-hwe-22.04Ubuntu
Fixed in:6.8.0-1049.52~22.04.1USN-8100-1
linux-image-nvidia-lowlatencyUbuntu
Fixed in:6.8.0-1049.52.1USN-8100-1
linux-image-nvidia-lowlatency-6.8Ubuntu
Fixed in:6.8.0-1049.52.1USN-8100-1
linux-image-nvidia-lowlatency-64kUbuntu
Fixed in:6.8.0-1049.52.1USN-8100-1
linux-image-nvidia-lowlatency-64k-6.8Ubuntu
Fixed in:6.8.0-1049.52.1USN-8100-1
linux-image-oem-22.04Ubuntu
Fixed in:6.8.0-106.106~22.04.1USN-8095-1
linux-image-oem-22.04aUbuntu
Fixed in:6.8.0-106.106~22.04.1USN-8095-1
linux-image-oem-22.04bUbuntu
Fixed in:6.8.0-106.106~22.04.1USN-8095-1
linux-image-oem-22.04cUbuntu
Fixed in:6.8.0-106.106~22.04.1USN-8095-1
linux-image-oem-22.04dUbuntu
Fixed in:6.8.0-106.106~22.04.1USN-8095-1
linux-image-oracleUbuntu
Fixed in:6.8.0-1047.48~22.04.1USN-8095-1
linux-image-oracle-6.8Ubuntu
Fixed in:6.8.0-1047.48~22.04.1USN-8095-1
Fixed in:6.8.0-1047.48USN-8095-1
linux-image-oracle-64kUbuntu
Fixed in:6.8.0-1047.48~22.04.1USN-8095-1
linux-image-oracle-64k-6.8Ubuntu
Fixed in:6.8.0-1047.48~22.04.1USN-8095-1
Fixed in:6.8.0-1047.48USN-8095-1
linux-image-oracle-64k-lts-24.04Ubuntu
Fixed in:6.8.0-1047.48USN-8095-1
linux-image-oracle-lts-24.04Ubuntu
Fixed in:6.8.0-1047.48USN-8095-1
linux-image-raspiUbuntu
Fixed in:6.8.0-1050.54USN-8095-5
linux-image-raspi-6.8Ubuntu
Fixed in:6.8.0-1050.54USN-8095-5
linux-image-raspi-realtimeUbuntu
Fixed in:6.8.0-2040.41USN-8095-5
linux-image-raspi-realtime-6.8Ubuntu
Fixed in:6.8.0-2040.41USN-8095-5
linux-image-realtimeUbuntu
Fixed in:6.8.1-1045.46USN-8095-3
linux-image-realtime-6.8.1Ubuntu
Fixed in:6.8.1-1045.46~22.04.1USN-8095-3
Fixed in:6.8.1-1045.46USN-8095-3
linux-image-realtime-hwe-22.04Ubuntu
Fixed in:6.8.1-1045.46~22.04.1USN-8095-3
linux-image-virtualUbuntu
Fixed in:6.8.0-106.106USN-8095-1
linux-image-virtual-6.8Ubuntu
Fixed in:6.8.0-106.106~22.04.1USN-8095-1
Fixed in:6.8.0-106.106USN-8095-1
linux-image-virtual-hwe-22.04Ubuntu
Fixed in:6.8.0-106.106~22.04.1USN-8095-1
linux-image-xilinxUbuntu
Fixed in:6.8.0.1029.30USN-8261-1
linux-image-xilinx-6.8Ubuntu
Fixed in:6.8.0.1029.30USN-8261-1
linux-image-xilinx-zynqmpUbuntu
Fixed in:6.8.0.1029.30USN-8261-1
linux-lowlatencyUbuntu
Fixed in:6.8.0-106.106.1USN-8095-1
linux-lowlatency-hwe-6.8Ubuntu
Fixed in:6.8.0-106.106.1~22.04.1USN-8095-1
linux-nvidiaUbuntu
Fixed in:6.8.0-1049.52USN-8100-1
linux-nvidia-6.8Ubuntu
Fixed in:6.8.0-1049.52~22.04.1USN-8100-1
linux-nvidia-lowlatencyUbuntu
Fixed in:6.8.0-1049.52.1USN-8100-1
linux-oracleUbuntu
Fixed in:6.8.0-1047.48USN-8095-1
linux-oracle-6.8Ubuntu
Fixed in:6.8.0-1047.48~22.04.1USN-8095-1
linux-raspiUbuntu
Fixed in:6.8.0-1050.54USN-8095-5
linux-raspi-realtimeUbuntu
Fixed in:6.8.0-2040.41USN-8095-5
linux-realtimeUbuntu
Fixed in:6.8.1-1045.46USN-8095-3
linux-realtime-6.8Ubuntu
Fixed in:6.8.1-1045.46~22.04.1USN-8095-3
linux-xilinxUbuntu
Fixed in:6.8.0-1029.30USN-8261-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

0.23%probability of exploitation in 30 days
14thpercentile

Low risk: more likely to be exploited than 14% of all known CVEs.

References

Embed a live status badge for CVE-2025-40016
CVE-2025-40016 severity badge

Markdown

[![CVE-2025-40016](https://tridentstack.com/cve/badge/CVE-2025-40016.svg)](https://tridentstack.com/cve/CVE-2025-40016)

HTML

<a href="https://tridentstack.com/cve/CVE-2025-40016"><img src="https://tridentstack.com/cve/badge/CVE-2025-40016.svg" alt="CVE-2025-40016"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-04-18.