-

CVE-2025-68808

EPSS 0.07%
Veröffentlicht 13.01.2026 15:29:15
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

media: vidtv: initialize local pointers upon transfer of memory ownership

In the Linux kernel, the following vulnerability has been resolved:

media: vidtv: initialize local pointers upon transfer of memory ownership

vidtv_channel_si_init() creates a temporary list (program, service, event)
and ownership of the memory itself is transferred to the PAT/SDT/EIT
tables through vidtv_psi_pat_program_assign(),
vidtv_psi_sdt_service_assign(), vidtv_psi_eit_event_assign().

The problem here is that the local pointer where the memory ownership
transfer was completed is not initialized to NULL. This causes the
vidtv_psi_pmt_create_sec_for_each_pat_entry() function to fail, and
in the flow that jumps to free_eit, the memory that was freed by
vidtv_psi_*_table_destroy() can be accessed again by
vidtv_psi_*_event_destroy() due to the uninitialized local pointer, so it
is freed once again.

Therefore, to prevent use-after-free and double-free vulnerability,
local pointers must be initialized to NULL when transferring memory
ownership.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

CNA 2 VulnDex Vulnerability Enrichment 9

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 3be8037960bccd13052cfdeba8805ad785041d70

Version < c342e294dac4988c8ada759b2f057246e48c5108

Status affected

Version 3be8037960bccd13052cfdeba8805ad785041d70

Version < 12ab6ebb37789b84073e83e4d9b14a5e0d133323

Status affected

Version 3be8037960bccd13052cfdeba8805ad785041d70

Version < 3caa18d35f1dabe85a3dd31bc387f391ac9f9b4e

Status affected

Version 3be8037960bccd13052cfdeba8805ad785041d70

Version < fb9bd6d8d314b748e946ed6555eb4a956ee8c4d8

Status affected

Version 3be8037960bccd13052cfdeba8805ad785041d70

Version < a69c7fd603bf5ad93177394fbd9711922ee81032

Status affected

Version 3be8037960bccd13052cfdeba8805ad785041d70

Version < 30f4d4e5224a9e44e9ceb3956489462319d804ce

Status affected

Version 3be8037960bccd13052cfdeba8805ad785041d70

Version < 98aabfe2d79f74613abc2b0b1cef08f97eaf5322

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.10

Status affected

Version 0

Version < 5.10

Status unaffected

Version <= 5.10.*

Version 5.10.248

Status unaffected

Version <= 5.15.*

Version 5.15.198

Status unaffected

Version <= 6.1.*

Version 6.1.160

Status unaffected

Version <= 6.6.*

Version 6.6.120

Status unaffected

Version <= 6.12.*

Version 6.12.64

Status unaffected

Version <= 6.18.*

Version 6.18.3

Status unaffected

Version <= *

Version 6.19

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.21

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/3caa18d35f1dabe85a3dd31bc387f391ac9f9b4e

https://git.kernel.org/stable/c/fb9bd6d8d314b748e946ed6555eb4a956ee8c4d8

https://git.kernel.org/stable/c/a69c7fd603bf5ad93177394fbd9711922ee81032

https://git.kernel.org/stable/c/30f4d4e5224a9e44e9ceb3956489462319d804ce

https://git.kernel.org/stable/c/98aabfe2d79f74613abc2b0b1cef08f97eaf5322

https://git.kernel.org/stable/c/12ab6ebb37789b84073e83e4d9b14a5e0d133323

https://git.kernel.org/stable/c/c342e294dac4988c8ada759b2f057246e48c5108

https://nvd.nist.gov/vuln/detail/CVE-2025-68808

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-68808

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-68808

EUVD