CVE-2026-31599

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections<br /> <br /> syzbot reported a general protection fault in vidtv_psi_desc_assign [1].<br /> <br /> vidtv_psi_pmt_stream_init() can return NULL on memory allocation<br /> failure, but vidtv_channel_pmt_match_sections() does not check for<br /> this. When tail is NULL, the subsequent call to<br /> vidtv_psi_desc_assign(&amp;tail-&gt;descriptor, desc) dereferences a NULL<br /> pointer offset, causing a general protection fault.<br /> <br /> Add a NULL check after vidtv_psi_pmt_stream_init(). On failure, clean<br /> up the already-allocated stream chain and return.<br /> <br /> [1]<br /> Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI<br /> KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]<br /> RIP: 0010:vidtv_psi_desc_assign+0x24/0x90 drivers/media/test-drivers/vidtv/vidtv_psi.c:629<br /> Call Trace:<br /> <br /> vidtv_channel_pmt_match_sections drivers/media/test-drivers/vidtv/vidtv_channel.c:349 [inline]<br /> vidtv_channel_si_init+0x1445/0x1a50 drivers/media/test-drivers/vidtv/vidtv_channel.c:479<br /> vidtv_mux_init+0x526/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:519<br /> vidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194 [inline]<br /> vidtv_start_feed+0x33e/0x4d0 drivers/media/test-drivers/vidtv/vidtv_bridge.c:239