CVE-2025-68808 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

media: vidtv: initialize local pointers upon transfer of memory ownership

vidtv_channel_si_init() creates a temporary list (program, service, event)
and ownership of the memory itself is transferred to the PAT/SDT/EIT
tables through vidtv_psi_pat_program_assign(),
vidtv_psi_sdt_service_assign(), vidtv_psi_eit_event_assign().

The problem here is that the local pointer where the memory ownership
transfer was completed is not initialized to NULL. This causes the
vidtv_psi_pmt_create_sec_for_each_pat_entry() function to fail, and
in the flow that jumps to free_eit, the memory that was freed by
vidtv_psi_*_table_destroy() can be accessed again by
vidtv_psi_*_event_destroy() due to the uninitialized local pointer, so it
is freed once again.

Therefore, to prevent use-after-free and double-free vulnerability,
local pointers must be initialized to NULL when transferring memory
ownership.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00032.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`3be8037960bccd13052cfdeba8805ad785041d70`	affected	< c342e294dac4988c8ada759b2f057246e48c5108
`3be8037960bccd13052cfdeba8805ad785041d70`	affected	< 12ab6ebb37789b84073e83e4d9b14a5e0d133323
`3be8037960bccd13052cfdeba8805ad785041d70`	affected	< 3caa18d35f1dabe85a3dd31bc387f391ac9f9b4e
`3be8037960bccd13052cfdeba8805ad785041d70`	affected	< fb9bd6d8d314b748e946ed6555eb4a956ee8c4d8
`3be8037960bccd13052cfdeba8805ad785041d70`	affected	< a69c7fd603bf5ad93177394fbd9711922ee81032
`3be8037960bccd13052cfdeba8805ad785041d70`	affected	< 30f4d4e5224a9e44e9ceb3956489462319d804ce
`3be8037960bccd13052cfdeba8805ad785041d70`	affected	< 98aabfe2d79f74613abc2b0b1cef08f97eaf5322

Linux

affected

Version	Status	Constraints
`5.10`	affected	—
`0`	unaffected	< 5.10
`5.10.248`	unaffected	≤ 5.10.*
`5.15.198`	unaffected	≤ 5.15.*
`6.1.160`	unaffected	≤ 6.1.*
`6.6.120`	unaffected	≤ 6.6.*
`6.12.64`	unaffected	≤ 6.12.*
`6.18.3`	unaffected	≤ 6.18.*
`6.19`	unaffected	≤ *

No data.

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

Source	ID	Title
Debian DSA	DSA-6126-1	linux security update
Debian DSA	DSA-6127-1	linux security update

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/12ab6ebb37789b84073e83e4d9b14a5e0d133323
https://git.kernel.org/stable/c/30f4d4e5224a9e44e9ceb3956489462319d804ce
https://git.kernel.org/stable/c/3caa18d35f1dabe85a3dd31bc387f391ac9f9b4e
https://git.kernel.org/stable/c/98aabfe2d79f74613abc2b0b1cef08f97eaf5322
https://git.kernel.org/stable/c/a69c7fd603bf5ad93177394fbd9711922ee81032
https://git.kernel.org/stable/c/c342e294dac4988c8ada759b2f057246e48c5108
https://git.kernel.org/stable/c/fb9bd6d8d314b748e946ed6555eb4a956ee8c4d8
https://lore.kernel.org/linux-cve-announce/2026011310-CVE-2025-68808-4cb9@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-68808
https://www.cve.org/CVERecord?id=CVE-2025-68808

History

Mon, 19 Jan 2026 12:45:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/12ab6ebb37789b84073e83e4d9b14a5e0d133323 https://git.kernel.org/stable/c/c342e294dac4988c8ada759b2f057246e48c5108

Thu, 15 Jan 2026 12:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2026011310-CVE-2025-68808-4cb9@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-68808 https://www.cve.org/CVERecord?id=CVE-2025-68808

Tue, 13 Jan 2026 15:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: media: vidtv: initialize local pointers upon transfer of memory ownership vidtv_channel_si_init() creates a temporary list (program, service, event) and ownership of the memory itself is transferred to the PAT/SDT/EIT tables through vidtv_psi_pat_program_assign(), vidtv_psi_sdt_service_assign(), vidtv_psi_eit_event_assign(). The problem here is that the local pointer where the memory ownership transfer was completed is not initialized to NULL. This causes the vidtv_psi_pmt_create_sec_for_each_pat_entry() function to fail, and in the flow that jumps to free_eit, the memory that was freed by vidtv_psi__table_destroy() can be accessed again by vidtv_psi__event_destroy() due to the uninitialized local pointer, so it is freed once again. Therefore, to prevent use-after-free and double-free vulnerability, local pointers must be initialized to NULL when transferring memory ownership.
Title		media: vidtv: initialize local pointers upon transfer of memory ownership
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/30f4d4e5224a9e44e9ceb3956489462319d804ce https://git.kernel.org/stable/c/3caa18d35f1dabe85a3dd31bc387f391ac9f9b4e https://git.kernel.org/stable/c/98aabfe2d79f74613abc2b0b1cef08f97eaf5322 https://git.kernel.org/stable/c/a69c7fd603bf5ad93177394fbd9711922ee81032 https://git.kernel.org/stable/c/fb9bd6d8d314b748e946ed6555eb4a956ee8c4d8

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-01-13T15:29:15.164Z

Updated: 2026-02-09T08:33:57.275Z

Reserved: 2025-12-24T10:30:51.045Z

Link: CVE-2025-68808

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-01-13T16:16:02.967

Modified: 2026-01-19T13:16:14.850

Link: CVE-2025-68808

Redhat

Severity :

Publid Date: 2026-01-13T00:00:00Z

Links: CVE-2025-68808 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object