Bug 2429100 (CVE-2025-68808) - CVE-2025-68808 kernel: media: vidtv: initialize local pointers upon transfer of memory ownership
Summary: CVE-2025-68808 kernel: media: vidtv: initialize local pointers upon transfer ...
Keywords:
Status: NEW
Alias: CVE-2025-68808
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-01-13 16:06 UTC by OSIDB Bzimport
Modified: 2026-01-14 23:33 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2026-01-13 16:06:44 UTC 
In the Linux kernel, the following vulnerability has been resolved:

media: vidtv: initialize local pointers upon transfer of memory ownership

vidtv_channel_si_init() creates a temporary list (program, service, event)
and ownership of the memory itself is transferred to the PAT/SDT/EIT
tables through vidtv_psi_pat_program_assign(),
vidtv_psi_sdt_service_assign(), vidtv_psi_eit_event_assign().

The problem here is that the local pointer where the memory ownership
transfer was completed is not initialized to NULL. This causes the
vidtv_psi_pmt_create_sec_for_each_pat_entry() function to fail, and
in the flow that jumps to free_eit, the memory that was freed by
vidtv_psi_*_table_destroy() can be accessed again by
vidtv_psi_*_event_destroy() due to the uninitialized local pointer, so it
is freed once again.

Therefore, to prevent use-after-free and double-free vulnerability,
local pointers must be initialized to NULL when transferring memory
ownership.
Comment 1 Jon Moroney 2026-01-14 23:29:23 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026011310-CVE-2025-68808-4cb9@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.