Linux Distros Unpatched Vulnerability : CVE-2025-40016

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: uvcvideo: Mark invalid entities with id UVCINVALIDENTITYID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. Each Uni...

media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID

...

EUVD-2025-35064

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVCINVALIDENTITYID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. Each Unit and Terminal within the video function is assigned a unique...

CVE-2025-40016

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVCINVALIDENTITYID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. Each Unit and Terminal within the video function is assigned a unique...

AZL-68595 CVE-2025-40016 affecting package kernel for versions less than 6.6.112.1-1

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVCINVALIDENTITYID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. Each Unit and Terminal within the video function is assigned a unique...

UBUNTU-CVE-2025-40016

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVCINVALIDENTITYID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. Each Unit and Terminal within the video function is assigned a unique...

CVE-2025-40016

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVCINVALIDENTITYID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. Each Unit and Terminal within the video function is assigned a unique...

CVE-2025-40016

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVCINVALIDENTITYID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. Each Unit and Terminal within the video function is assigned a unique...

CVE-2025-40016 media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVCINVALIDENTITYID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. Each Unit and Terminal within the video function is assigned a unique...

CVE-2025-40016

CVE-2025-40016 affects the Linux kernel uvcvideo path. The fix marks entities with invalid IDs (UVC_INVALID_ENTITY_ID) to enforce non-zero unique IDs for Units and Terminals as required by UVC 1.1+. The change aims to prevent invalid or duplicate IDs (e.g., 0x00 or repeated IDs) from propagating ...

CVE-2025-40016 media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVCINVALIDENTITYID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. Each Unit and Terminal within the video function is assigned a unique...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not properly handling invalid entity IDs, which could cause an entity to reference itself or trigger a warning...

JLSEC-2025-78 An issue was discovered in libxml2 before 2.10.3

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked...

PT-2025-42784

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contained an issue in the uvcvideo driver related to handling of Universal Video Class UVC entities. Specifically, the driver did not properly mark invalid entities with...

GHSA-4CPV-669C-R79X Prevent injection of invalid entity ids for "autocomplete" fields

Impact Under certain circumstances, an attacker could successfully submit an entity id for an EntityType that is not part of the valid choices. Affected applications are any that use: A custom querybuilder option to limit the valid results; AND An EntityType with 'autocomplete' = true or a custom...

PT-2023-27912 · Symfony · Symfony/Ux-Autocomplete

Name of the Vulnerable Software and Affected Versions: symfony/ux-autocomplete versions prior to 2.11.2 Description: The issue allows an attacker to submit an entity id for an EntityType that is not part of the valid choices under certain circumstances. This can occur in applications that use a...

Symfony UX Autocomplete Input Validation Error Vulnerability

Symfony UX Autocomplete is a Symfony open source JavaScript autocomplete feature for Symfony. An input validation error vulnerability exists in Symfony UX Autocomplete versions prior to 2.11.2. An attacker can exploit this vulnerability to successfully submit an invalid entity ID...

SUSE CVE-2022-40304

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked...

UBUNTU-CVE-2022-40304

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked...