{"id":"CVE-2025-40208","summary":"media: iris: fix module removal if firmware download failed","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: iris: fix module removal if firmware download failed\n\nFix remove if firmware failed to load:\nqcom-iris aa00000.video-codec: Direct firmware load for qcom/vpu/vpu33_p4.mbn failed with error -2\nqcom-iris aa00000.video-codec: firmware download failed\nqcom-iris aa00000.video-codec: core init failed\n\nthen:\n$ echo aa00000.video-codec \u003e /sys/bus/platform/drivers/qcom-iris/unbind\n\nTriggers:\ngenpd genpd:1:aa00000.video-codec: Runtime PM usage count underflow!\n------------[ cut here ]------------\nvideo_cc_mvs0_clk already disabled\nWARNING: drivers/clk/clk.c:1206 at clk_core_disable+0xa4/0xac, CPU#1: sh/542\n\u003csnip\u003e\npc : clk_core_disable+0xa4/0xac\nlr : clk_core_disable+0xa4/0xac\n\u003csnip\u003e\nCall trace:\n clk_core_disable+0xa4/0xac (P)\n clk_disable+0x30/0x4c\n iris_disable_unprepare_clock+0x20/0x48 [qcom_iris]\n iris_vpu_power_off_hw+0x48/0x58 [qcom_iris]\n iris_vpu33_power_off_hardware+0x44/0x230 [qcom_iris]\n iris_vpu_power_off+0x34/0x84 [qcom_iris]\n iris_core_deinit+0x44/0xc8 [qcom_iris]\n iris_remove+0x20/0x48 [qcom_iris]\n platform_remove+0x20/0x30\n device_remove+0x4c/0x80\n\u003csnip\u003e\n---[ end trace 0000000000000000 ]---\n------------[ cut here ]------------\nvideo_cc_mvs0_clk already unprepared\nWARNING: drivers/clk/clk.c:1065 at clk_core_unprepare+0xf0/0x110, CPU#2: sh/542\n\u003csnip\u003e\npc : clk_core_unprepare+0xf0/0x110\nlr : clk_core_unprepare+0xf0/0x110\n\u003csnip\u003e\nCall trace:\n clk_core_unprepare+0xf0/0x110 (P)\n clk_unprepare+0x2c/0x44\n iris_disable_unprepare_clock+0x28/0x48 [qcom_iris]\n iris_vpu_power_off_hw+0x48/0x58 [qcom_iris]\n iris_vpu33_power_off_hardware+0x44/0x230 [qcom_iris]\n iris_vpu_power_off+0x34/0x84 [qcom_iris]\n iris_core_deinit+0x44/0xc8 [qcom_iris]\n iris_remove+0x20/0x48 [qcom_iris]\n platform_remove+0x20/0x30\n device_remove+0x4c/0x80\n\u003csnip\u003e\n---[ end trace 0000000000000000 ]---\ngenpd genpd:0:aa00000.video-codec: Runtime PM usage count underflow!\n------------[ cut here ]------------\ngcc_video_axi0_clk already disabled\nWARNING: drivers/clk/clk.c:1206 at clk_core_disable+0xa4/0xac, CPU#4: sh/542\n\u003csnip\u003e\npc : clk_core_disable+0xa4/0xac\nlr : clk_core_disable+0xa4/0xac\n\u003csnip\u003e\nCall trace:\n clk_core_disable+0xa4/0xac (P)\n clk_disable+0x30/0x4c\n iris_disable_unprepare_clock+0x20/0x48 [qcom_iris]\n iris_vpu33_power_off_controller+0x17c/0x428 [qcom_iris]\n iris_vpu_power_off+0x48/0x84 [qcom_iris]\n iris_core_deinit+0x44/0xc8 [qcom_iris]\n iris_remove+0x20/0x48 [qcom_iris]\n platform_remove+0x20/0x30\n device_remove+0x4c/0x80\n\u003csnip\u003e\n------------[ cut here ]------------\ngcc_video_axi0_clk already unprepared\nWARNING: drivers/clk/clk.c:1065 at clk_core_unprepare+0xf0/0x110, CPU#4: sh/542\n\u003csnip\u003e\npc : clk_core_unprepare+0xf0/0x110\nlr : clk_core_unprepare+0xf0/0x110\n\u003csnip\u003e\nCall trace:\n clk_core_unprepare+0xf0/0x110 (P)\n clk_unprepare+0x2c/0x44\n iris_disable_unprepare_clock+0x28/0x48 [qcom_iris]\n iris_vpu33_power_off_controller+0x17c/0x428 [qcom_iris]\n iris_vpu_power_off+0x48/0x84 [qcom_iris]\n iris_core_deinit+0x44/0xc8 [qcom_iris]\n iris_remove+0x20/0x48 [qcom_iris]\n platform_remove+0x20/0x30\n device_remove+0x4c/0x80\n\u003csnip\u003e\n---[ end trace 0000000000000000 ]---\n\nSkip deinit if initialization never succeeded.","modified":"2026-04-02T12:48:19.436971Z","published":"2025-11-12T21:56:36.261Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40208.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/7a0a77b936ff28f59c271172e81cefebf7b2b7a6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fde38008fc4f43db8c17869491870df24b501543"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40208.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40208"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d7378f84e94e14998b3469dcc0d8ce609d049ccc"},{"fixed":"7a0a77b936ff28f59c271172e81cefebf7b2b7a6"},{"fixed":"fde38008fc4f43db8c17869491870df24b501543"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40208.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.15.0"},{"fixed":"6.17.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40208.json"}}],"schema_version":"1.7.5"}