CVE-2024-57834

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-57834
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-57834.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-57834
Published
2025-02-27T02:18:09.085Z
Modified
2025-11-28T02:34:27.533551Z
Summary
media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread
Details

In the Linux kernel, the following vulnerability has been resolved:

media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread

syzbot reports a null-ptr-deref in vidtv_mux_stop_thread. [1]

If dvb->mux is not initialized successfully by vidtv_mux_init() in vidtv_start_streaming(), it will trigger a null pointer dereference on mux in vidtv_mux_stop_thread().

Adjust the timing of streaming initialization and check it before stopping it.

[1] KASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f]

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/57xxx/CVE-2024-57834.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f90cf6079bf67988f8b1ad1ade70fc89d0080905
Fixed
52d3512f9a7a52ef92864679b1e8e8aa16202c6a
Fixed
59a707ad952eb2ea8d59457d662b6f4138f17b08
Fixed
86307e443c5844f38e1b98e2c51a4195c55576cd
Fixed
2c5601b99d79d196fe4a37159e3dfb38e778ea18
Fixed
95432a37778c9c5dd105b7b9f19e9695c9e166cf
Fixed
904a8323cc8afa7eb9ce3e67303a2b3f2f787306
Fixed
1221989555db711578a327a9367f1be46500cb48

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.10.0
Fixed
5.10.235
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.179
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.129
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.79
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.16
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.13.4