CVE-2025-38226

7.8 HIGH

📋 TL;DR

A memory corruption vulnerability in the Linux kernel's VIVID test driver allows out-of-bounds writes when processing video composition data. This affects systems with the VIVID driver enabled, potentially leading to kernel crashes or privilege escalation. The vulnerability is triggered when the composition size exceeds the capture rectangle bounds.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel versions before fixes in stable trees (specific commits listed in references)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if CONFIG_VIDEO_VIVID=m or =y is enabled; VIVID is a test driver not typically enabled in production systems.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic, system crash, or local privilege escalation to root via memory corruption leading to arbitrary code execution in kernel context.

🟠

Likely Case

Kernel crash or system instability when the VIVID driver processes malformed video composition data, requiring system reboot.

🟢

If Mitigated

No impact if VIVID driver is disabled or system is patched; limited to local users with access to video device interfaces.

🌐 Internet-Facing: LOW - Requires local access to video device interfaces; not remotely exploitable.
🏢 Internal Only: MEDIUM - Local users could potentially exploit this to crash systems or escalate privileges if VIVID driver is enabled.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Discovered via syzkaller fuzzing; requires local access and ability to interact with video device interfaces. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in stable kernel trees via commits: 00da1c767a6567e56f23dda586847586868ac064, 57597d8db5bbda618ba2145b7e8a7e6f01b6a27e, 5d89aa42534723400fefd46e26e053b9c382b4ee, 635cea4f44c1ddae208666772c164eab5a6bce39, 89b5ab822bf69867c3951dd0eb34b0314c38966b

Vendor Advisory: https://git.kernel.org/stable/c/00da1c767a6567e56f23dda586847586868ac064

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing fixes.
2. Rebuild kernel if compiling from source.
3. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Disable VIVID driver

linux

Disable the VIVID test driver module to prevent exploitation

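# Prevent automatic loading of the vivid module (run as root)
echo 'blacklist vivid' >> /etc/modprobe.d/blacklist-vivid.conf
# Unload the module if it is currently loaded
rmmod vivid
# Rebuild the initramfs so the blacklist applies at boot (Debian/Ubuntu)
update-initramfs -u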

🧯 If You Can't Patch

  • Disable VIVID driver module via kernel command line or modprobe blacklist
  • Restrict access to video device interfaces using SELinux/AppArmor or device permissions

🔍 How to Verify

Check if Vulnerable:

Check whether the VIVID module is loaded (lsmod | grep vivid), then compare the kernel version against the affected range.

Check Version:

uname -r

Verify Fix Applied:

Verify that the kernel version includes the fix commits and that the VIVID module is either disabled or built from a patched version.
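
The verification steps above can be combined into one exposure check. This is an added example, not part of the original advisory: the function name vivid_exposure and its state labels are hypothetical, and the "install" override it looks for is a standard modprobe.d directive that the advisory does not mention.

```shell
#!/bin/sh
# Added example: classify VIVID exposure from a kernel config, a module list
# and a modprobe.d directory. Paths are arguments so saved copies can be used.
vivid_exposure() {
    config=$1; modules=$2; modprobe_dir=$3

    # Without a readable config the build state cannot be decided.
    [ -r "$config" ] || { echo "unknown"; return 0; }

    # =y: compiled into the kernel image; it cannot be unloaded or blacklisted.
    if grep -qx 'CONFIG_VIDEO_VIVID=y' "$config"; then
        echo "builtin"; return 0
    fi
    # Neither =y nor =m: the driver is not part of this kernel build.
    if ! grep -qx 'CONFIG_VIDEO_VIVID=m' "$config"; then
        echo "not-built"; return 0
    fi
    # Built as a module: /proc/modules lines start with the module name.
    if grep -qs '^vivid ' "$modules"; then
        echo "module-loaded"; return 0
    fi
    # An "install vivid /bin/false" override also stops explicit modprobe calls.
    if grep -Eqs '^[[:space:]]*install[[:space:]]+vivid[[:space:]]+/bin/(false|true)' \
        "$modprobe_dir"/*.conf; then
        echo "module-install-blocked"; return 0
    fi
    # "blacklist" only stops alias-based autoloading; "modprobe vivid" still works.
    if grep -Eqs '^[[:space:]]*blacklist[[:space:]]+vivid[[:space:]]*$' \
        "$modprobe_dir"/*.conf; then
        echo "module-blacklisted"; return 0
    fi
    echo "module-available"
}

# Typical live-system paths (assumed; the config location varies by distribution).
vivid_exposure "/boot/config-$(uname -r)" /proc/modules /etc/modprobe.d
```

Only "builtin", "module-loaded" and "module-available" leave the driver reachable without further action; "module-blacklisted" still allows an explicit load by a privileged user.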

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • KASAN reports of vmalloc-out-of-bounds in tpg_fill_plane_pattern
  • System crashes related to vivid driver

Network Indicators:

  • None - local vulnerability only

SIEM Query:

(kernel: *KASAN: vmalloc-out-of-bounds* AND *tpg_fill_plane_pattern*) OR (kernel: *BUG* AND *vivid*)
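
On a single host without a SIEM, the KASAN indicator listed above can be pulled out of the kernel log directly. This is an added example, not part of the original advisory: the function names are hypothetical and the sample log lines are constructed, following the usual KASAN report layout of a header line followed by an access line.

```shell
#!/bin/sh
# Added example: summarise KASAN reports for this bug from kernel log text on stdin.
# Live use: dmesg | vivid_kasan_reports   or   journalctl -k | vivid_kasan_reports
vivid_kasan_reports() {
    awk '
    # Any KASAN header starts a new report; flush one still waiting for details.
    /BUG: KASAN:/ {
        if (pending) print "unknown size=? task=?"
        pending = ($0 ~ /vmalloc-out-of-bounds in tpg_fill_plane_pattern/)
        next
    }
    # The access line follows the header: "<Read|Write> of size N at addr A by task T".
    pending && match($0, /(Read|Write) of size [0-9]+/) {
        split(substr($0, RSTART, RLENGTH), part, " ")
        task = $0
        if (sub(/^.*by task /, "", task) == 0) task = "?"
        printf "%s size=%s task=%s\n", tolower(part[1]), part[4], task
        pending = 0
    }
    # Log cut off right after a matching header: still report the hit.
    END { if (pending) print "unknown size=? task=?" }
    '
}

# Constructed sample log (not captured from a real system).
sample_log() {
    cat <<'EOF'
[  101.000001] BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_pattern+0x0/0x0
[  101.000002] Write of size 1024 at addr ffffc90000000000 by task example-task/1234
[  101.000003] Call Trace:
[  205.000001] BUG: KASAN: slab-use-after-free in unrelated_function+0x0/0x0
[  205.000002] Read of size 8 at addr ffff888000000000 by task other-task/42
[  300.000001] BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_pattern+0x0/0x0
EOF
}

sample_log | vivid_kasan_reports
```

The task field identifies the local process that touched the video device, which is the starting point for triage since the bug requires local access.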

🔗 References
