{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T01:07:43.388","vulnerabilities":[{"cve":{"id":"CVE-2025-68808","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-01-13T16:16:02.967","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: initialize local pointers upon transfer of memory ownership\n\nvidtv_channel_si_init() creates a temporary list (program, service, event)\nand ownership of the memory itself is transferred to the PAT/SDT/EIT\ntables through vidtv_psi_pat_program_assign(),\nvidtv_psi_sdt_service_assign(), vidtv_psi_eit_event_assign().\n\nThe problem here is that the local pointer where the memory ownership\ntransfer was completed is not initialized to NULL. This causes the\nvidtv_psi_pmt_create_sec_for_each_pat_entry() function to fail, and\nin the flow that jumps to free_eit, the memory that was freed by\nvidtv_psi_*_table_destroy() can be accessed again by\nvidtv_psi_*_event_destroy() due to the uninitialized local pointer, so it\nis freed once again.\n\nTherefore, to prevent use-after-free and double-free vulnerability,\nlocal pointers must be initialized to NULL when transferring memory\nownership."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nmedia: vidtv: inicializar punteros locales tras la transferencia de la propiedad de la memoria\n\nvidtv_channel_si_init() crea una lista temporal (programa, servicio, evento) y la propiedad de la memoria misma se transfiere a las tablas PAT/SDT/EIT a través de vidtv_psi_pat_program_assign(), vidtv_psi_sdt_service_assign(), vidtv_psi_eit_event_assign().\n\nEl problema aquí es que el puntero local donde se completó la transferencia de la propiedad de la memoria no se inicializa a NULL. Esto hace que la función vidtv_psi_pmt_create_sec_for_each_pat_entry() falle, y en el flujo que salta a free_eit, la memoria que fue liberada por vidtv_psi_*_table_destroy() puede ser accedida de nuevo por vidtv_psi_*_event_destroy() debido al puntero local no inicializado, por lo que se libera una vez más.\n\nPor lo tanto, para prevenir la vulnerabilidad de uso después de liberación y doble liberación, los punteros locales deben inicializarse a NULL al transferir la propiedad de la memoria."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/12ab6ebb37789b84073e83e4d9b14a5e0d133323","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/30f4d4e5224a9e44e9ceb3956489462319d804ce","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/3caa18d35f1dabe85a3dd31bc387f391ac9f9b4e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/98aabfe2d79f74613abc2b0b1cef08f97eaf5322","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a69c7fd603bf5ad93177394fbd9711922ee81032","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c342e294dac4988c8ada759b2f057246e48c5108","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/fb9bd6d8d314b748e946ed6555eb4a956ee8c4d8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}}]}