CVE-2025-68808

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: vidtv: initialize local pointers upon transfer of memory ownership<br /> <br /> vidtv_channel_si_init() creates a temporary list (program, service, event)<br /> and ownership of the memory itself is transferred to the PAT/SDT/EIT<br /> tables through vidtv_psi_pat_program_assign(),<br /> vidtv_psi_sdt_service_assign(), vidtv_psi_eit_event_assign().<br /> <br /> The problem here is that the local pointer where the memory ownership<br /> transfer was completed is not initialized to NULL. This causes the<br /> vidtv_psi_pmt_create_sec_for_each_pat_entry() function to fail, and<br /> in the flow that jumps to free_eit, the memory that was freed by<br /> vidtv_psi_*_table_destroy() can be accessed again by<br /> vidtv_psi_*_event_destroy() due to the uninitialized local pointer, so it<br /> is freed once again.<br /> <br /> Therefore, to prevent use-after-free and double-free vulnerability,<br /> local pointers must be initialized to NULL when transferring memory<br /> ownership.