Bug 2429576 (CVE-2025-71140) - CVE-2025-71140 kernel: media: mediatek: vcodec: Use spinlock for context list protection lock
Summary: CVE-2025-71140 kernel: media: mediatek: vcodec: Use spinlock for context list...
Keywords:
Status: NEW
Alias: CVE-2025-71140
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-01-14 16:01 UTC by OSIDB Bzimport
Modified: 2026-01-14 21:09 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2026-01-14 16:01:35 UTC 
In the Linux kernel, the following vulnerability has been resolved:

media: mediatek: vcodec: Use spinlock for context list protection lock

Previously a mutex was added to protect the encoder and decoder context
lists from unexpected changes originating from the SCP IP block, causing
the context pointer to go invalid, resulting in a NULL pointer
dereference in the IPI handler.

Turns out on the MT8173, the VPU IPI handler is called from hard IRQ
context. This causes a big warning from the scheduler. This was first
reported downstream on the ChromeOS kernels, but is also reproducible
on mainline using Fluster with the FFmpeg v4l2m2m decoders. Even though
the actual capture format is not supported, the affected code paths
are triggered.

Since this lock just protects the context list and operations on it are
very fast, it should be OK to switch to a spinlock.
Comment 1 Jon Moroney 2026-01-14 21:04:25 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026011455-CVE-2025-71140-a6fe@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.