UBUNTU-CVE-2025-22027

MEDIUM5.5

Published Apr 16, 2025

Modified 6 months ago

Fix available

Details

In the Linux kernel, the following vulnerability has been resolved: media: streamzap: fix race between device disconnection and urb callback Syzkaller has reported a general protection fault at function ir_raw_event_store_with_filter(). This crash is caused by a NULL pointer dereference of dev->raw pointer, even though it is checked for NULL in the same function, which means there is a race condition. It occurs due to the incorrect order of actions in the streamzap_disconnect() function: rc_unregister_device() is called before usb_kill_urb(). The dev->raw pointer is freed and set to NULL in rc_unregister_device(), and only after that usb_kill_urb() waits for in-progress requests to finish. If rc_unregister_device() is called while streamzap_callback() handler is not finished, this can lead to accessing freed resources. Thus rc_unregister_device() should be called after usb_kill_urb(). Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Affected Packages(218 packages)

linux

Ubuntu Pro 14.04 LTSUbuntu 14.04 LTS

Affected versions:

3.11.0-12.193.12.0-1.33.12.0-2.53.12.0-2.73.12.0-3.83.12.0-3.93.12.0-4.103.12.0-4.123.12.0-5.133.12.0-7.15+170 more

linux

Ubuntu 24.04 LTS

Affected versions:

6.5.0-9.96.6.0-14.146.8.0-11.116.8.0-20.206.8.0-22.226.8.0-28.286.8.0-31.316.8.0-35.356.8.0-36.366.8.0-38.38+21 more

linux

Ubuntu Pro 18.04 LTSUbuntu 18.04 LTS

Affected versions:

4.13.0-16.194.13.0-17.204.13.0-25.294.13.0-32.354.15.0-10.114.15.0-101.1024.15.0-106.1074.15.0-108.1094.15.0-109.1104.15.0-111.112+130 more

linux

Ubuntu 22.04 LTS

Affected versions:

5.13.0-19.195.15.0-100.1105.15.0-101.1115.15.0-102.1125.15.0-105.1155.15.0-106.1165.15.0-107.1175.15.0-112.1225.15.0-113.1235.15.0-116.126+67 more

Fixed in:

5.15.0-144.157

linux

Ubuntu Pro 20.04 LTS

Affected versions:

5.3.0-18.195.3.0-24.265.4.0-100.1135.4.0-104.1185.4.0-105.1195.4.0-107.1215.4.0-109.1235.4.0-110.1245.4.0-113.1275.4.0-117.132+109 more

linux

Ubuntu 16.04 LTSUbuntu Pro 16.04 LTS

Affected versions:

4.2.0-16.194.2.0-17.214.2.0-19.234.3.0-1.104.3.0-2.114.3.0-5.164.3.0-6.174.3.0-7.184.4.0-10.254.4.0-101.124+167 more

linux

Ubuntu 25.04

Affected versions:

6.11.0-8.86.12.0-12.126.12.0-15.156.12.0-16.166.14.0-10.106.14.0-11.116.14.0-13.136.14.0-15.156.14.0-7.7

Fixed in:

6.14.0-22.22

linux-allwinner-5.19

Ubuntu 22.04 LTS

Affected versions:

5.19.0-1007.7~22.04.15.19.0-1009.9~22.04.15.19.0-1010.10~22.04.15.19.0-1011.11~22.04.15.19.0-1012.12~22.04.15.19.0-1013.13~22.04.15.19.0-1014.14~22.04.15.19.0-1015.15~22.04.1

linux-aws

Ubuntu Pro 14.04 LTS

Affected versions:

4.4.0-1002.24.4.0-1003.34.4.0-1005.54.4.0-1006.64.4.0-1009.94.4.0-1010.104.4.0-1011.114.4.0-1012.124.4.0-1014.144.4.0-1016.16+94 more

linux-aws

Ubuntu 22.04 LTS

Affected versions:

5.13.0-1005.65.15.0-1002.45.15.0-1003.55.15.0-1004.65.15.0-1005.75.15.0-1008.105.15.0-1009.115.15.0-1011.145.15.0-1013.175.15.0-1014.18+59 more

Fixed in:

5.15.0-1088.95

References

REPORThttps://git.kernel.org/linus/f656cfbc7a293a039d6a0c7100e1c846845148c1 REPORThttps://git.kernel.org/stable/c/15483afb930fc2f883702dc96f80efbe4055235e REPORThttps://git.kernel.org/stable/c/30ef7cfee752ca318d5902cb67b60d9797ccd378 REPORThttps://git.kernel.org/stable/c/4db62b60af2ccdea6ac5452fd20e29587ed85f57 REPORThttps://git.kernel.org/stable/c/8760da4b9d44c36b93b6e4cf401ec7fe520015bd REPORThttps://git.kernel.org/stable/c/adf0ddb914c9e5b3e50da4c97959e82de2df75c3 REPORThttps://git.kernel.org/stable/c/f656cfbc7a293a039d6a0c7100e1c846845148c1 REPORThttps://ubuntu.com/security/CVE-2025-22027 ADVISORYhttps://ubuntu.com/security/notices/USN-7594-1 ADVISORYhttps://ubuntu.com/security/notices/USN-7594-2 ADVISORYhttps://ubuntu.com/security/notices/USN-7594-3 ADVISORYhttps://ubuntu.com/security/notices/USN-7605-1 ADVISORYhttps://ubuntu.com/security/notices/USN-7605-2 ADVISORYhttps://ubuntu.com/security/notices/USN-7606-1 ADVISORYhttps://ubuntu.com/security/notices/USN-7628-1 REPORThttps://www.cve.org/CVERecord?id=CVE-2025-22027

CVSS Analysis

CVSS v3.1

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

HighAC:H

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Upstream

CVE-2025-22027

USN-7594-1 USN-7594-2 USN-7594-3 USN-7605-1 USN-7605-2 USN-7606-1 USN-7628-1

Ecosystems(30)

Ubuntu Pro 14.04 LTS Ubuntu 24.04 LTS Ubuntu Pro 18.04 LTS Ubuntu 22.04 LTS Ubuntu Pro 20.04 LTS

Timeline

PublishedApr 16, 2025

ModifiedJul 14, 2025

UBUNTU-CVE-2025-22027 | Mondoo Vulnerability Intelligence

UBUNTU-CVE-2025-22027

Details

Affected Packages(218 packages)

References

CVSS Analysis

Upstream

Related

Ecosystems(30)

Timeline