CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-38227: media: vidtv: Terminating the subsequent process of initialization failure

Description

In the Linux kernel, the following vulnerability has been resolved:

media: vidtv: Terminating the subsequent process of initialization failure

syzbot reported a slab-use-after-free Read in vidtv_mux_init. [1]

After PSI initialization fails, the si member is accessed again, resulting
in this uaf.

After si initialization fails, the subsequent process needs to be exited.

[1]
BUG: KASAN: slab-use-after-free in vidtv_mux_pid_ctx_init drivers/media/test-drivers/vidtv/vidtv_mux.c:78 [inline]
BUG: KASAN: slab-use-after-free in vidtv_mux_init+0xac2/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:524
Read of size 8 at addr ffff88802fa42acc by task syz.2.37/6059

CPU: 0 UID: 0 PID: 6059 Comm: syz.2.37 Not tainted 6.14.0-rc5-syzkaller #0
Hardware name: Google Compute Engine, BIOS Google 02/12/2025
Call Trace:

__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:408 [inline]
print_report+0xc3/0x670 mm/kasan/report.c:521
kasan_report+0xd9/0x110 mm/kasan/report.c:634
vidtv_mux_pid_ctx_init drivers/media/test-drivers/vidtv/vidtv_mux.c:78
vidtv_mux_init+0xac2/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:524
vidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194
vidtv_start_feed drivers/media/test-drivers/vidtv/vidtv_bridge.c:239
dmx_section_feed_start_filtering drivers/media/dvb-core/dvb_demux.c:973
dvb_dmxdev_feed_start drivers/media/dvb-core/dmxdev.c:508 [inline]
dvb_dmxdev_...

Classification

CVE ID: CVE-2025-38227

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 4.96% (scored less or equal to compared to others)

EPSS Date: 2025-07-06 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-38227
https://git.kernel.org/stable/c/e1d72ff111eceea6b28dccb7ca4e8f4900b11729
https://git.kernel.org/stable/c/7e62be1f3b241bc9faee547864bb39332955509b
https://git.kernel.org/stable/c/685c18bc5a36f823ee725e85aac1303ef5f535ba
https://git.kernel.org/stable/c/9824e1732a163e005aa84e12ec439493ebd4f097
https://git.kernel.org/stable/c/72541cae73d0809a6416bfcd2ee6473046a0013a
https://git.kernel.org/stable/c/f8c2483be6e8bb6c2148315b4a924c65bb442b5e
https://git.kernel.org/stable/c/1d5f88f053480326873115092bc116b7d14916ba

Timeline