CVE-2024-57834

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-57834
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-57834.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-57834
Downstream
Related
Published
2025-02-27T02:18:09.085Z
Modified
2026-03-12T02:19:35.071953Z
Summary
media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread
Details

In the Linux kernel, the following vulnerability has been resolved:

media: vidtv: Fix a null-ptr-deref in vidtvmuxstop_thread

syzbot report a null-ptr-deref in vidtvmuxstop_thread. [1]

If dvb->mux is not initialized successfully by vidtvmuxinit() in the vidtvstartstreaming(), it will trigger null pointer dereference about mux in vidtvmuxstop_thread().

Adjust the timing of streaming initialization and check it before stopping it.

[1] KASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f] CPU: 0 UID: 0 PID: 5842 Comm: syz-executor248 Not tainted 6.13.0-rc4-syzkaller-00012-g9b2ffa6148b1 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:vidtvmuxstopthread+0x26/0x80 drivers/media/test-drivers/vidtv/vidtvmux.c:471 Code: 90 90 90 90 66 0f 1f 00 55 53 48 89 fb e8 82 2e c8 f9 48 8d bb 28 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 02 7e 3b 0f b6 ab 28 01 00 00 31 ff 89 ee e8 RSP: 0018:ffffc90003f2faa8 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff87cfb125 RDX: 0000000000000025 RSI: ffffffff87d120ce RDI: 0000000000000128 RBP: ffff888029b8d220 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000003 R12: ffff888029b8d188 R13: ffffffff8f590aa0 R14: ffffc9000581c5c8 R15: ffff888029a17710 FS: 00007f7eef5156c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f7eef5e635c CR3: 0000000076ca6000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> vidtvstopstreaming drivers/media/test-drivers/vidtv/vidtvbridge.c:209 [inline] vidtvstopfeed+0x151/0x250 drivers/media/test-drivers/vidtv/vidtvbridge.c:252 dmxsectionfeedstopfiltering+0x90/0x160 drivers/media/dvb-core/dvbdemux.c:1000 dvbdmxdevfeedstop.isra.0+0x1ee/0x270 drivers/media/dvb-core/dmxdev.c:486 dvbdmxdevfilterstop+0x22a/0x3a0 drivers/media/dvb-core/dmxdev.c:559 dvbdmxdevfilterfree drivers/media/dvb-core/dmxdev.c:840 [inline] dvbdemuxrelease+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246 __fput+0x3f8/0xb60 fs/filetable.c:450 taskwork_run+0x14e/0x250 kernel/taskwork.c:239 getsignal+0x1d3/0x2610 kernel/signal.c:2790 archdosignalorrestart+0x90/0x7e0 arch/x86/kernel/signal.c:337 exittousermodeloop kernel/entry/common.c:111 [inline] exittousermodeprepare include/linux/entry-common.h:329 [inline] _syscallexittousermodework kernel/entry/common.c:207 [inline] syscallexittousermode+0x150/0x2a0 kernel/entry/common.c:218 dosyscall64+0xda/0x250 arch/x86/entry/common.c:89 entrySYSCALL64afterhwframe+0x77/0x7f

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/57xxx/CVE-2024-57834.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f90cf6079bf67988f8b1ad1ade70fc89d0080905
Fixed
52d3512f9a7a52ef92864679b1e8e8aa16202c6a
Fixed
59a707ad952eb2ea8d59457d662b6f4138f17b08
Fixed
86307e443c5844f38e1b98e2c51a4195c55576cd
Fixed
2c5601b99d79d196fe4a37159e3dfb38e778ea18
Fixed
95432a37778c9c5dd105b7b9f19e9695c9e166cf
Fixed
904a8323cc8afa7eb9ce3e67303a2b3f2f787306
Fixed
1221989555db711578a327a9367f1be46500cb48

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-57834.json"