Wind River Support Network

HomeDefectsLIN1022-16436
Acknowledged

LIN1022-16436 : Security Advisory - linux - CVE-2025-38227

Created: Jul 7, 2025    Updated: Jul 8, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]media: vidtv: Terminating the subsequent process of initialization failure[EOL][EOL]syzbot reported a slab-use-after-free Read in vidtv_mux_init. [1][EOL][EOL]After PSI initialization fails, the si member is accessed again, resulting[EOL]in this uaf.[EOL][EOL]After si initialization fails, the subsequent process needs to be exited.[EOL][EOL][1][EOL]BUG: KASAN: slab-use-after-free in vidtv_mux_pid_ctx_init drivers/media/test-drivers/vidtv/vidtv_mux.c:78 [inline][EOL]BUG: KASAN: slab-use-after-free in vidtv_mux_init+0xac2/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:524[EOL]Read of size 8 at addr ffff88802fa42acc by task syz.2.37/6059[EOL][EOL]CPU: 0 UID: 0 PID: 6059 Comm: syz.2.37 Not tainted 6.14.0-rc5-syzkaller #0[EOL]Hardware name: Google Compute Engine, BIOS Google 02/12/2025[EOL]Call Trace:[EOL]<TASK>[EOL]__dump_stack lib/dump_stack.c:94 [inline][EOL]dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120[EOL]print_address_description mm/kasan/report.c:408 [inline][EOL]print_report+0xc3/0x670 mm/kasan/report.c:521[EOL]kasan_report+0xd9/0x110 mm/kasan/report.c:634[EOL]vidtv_mux_pid_ctx_init drivers/media/test-drivers/vidtv/vidtv_mux.c:78[EOL]vidtv_mux_init+0xac2/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:524[EOL]vidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194[EOL]vidtv_start_feed drivers/media/test-drivers/vidtv/vidtv_bridge.c:239[EOL]dmx_section_feed_start_filtering drivers/media/dvb-core/dvb_demux.c:973[EOL]dvb_dmxdev_feed_start drivers/media/dvb-core/dmxdev.c:508 [inline][EOL]dvb_dmxdev_feed_restart.isra.0 drivers/media/dvb-core/dmxdev.c:537[EOL]dvb_dmxdev_filter_stop+0x2b4/0x3a0 drivers/media/dvb-core/dmxdev.c:564[EOL]dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline][EOL]dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246[EOL]__fput+0x3ff/0xb70 fs/file_table.c:464[EOL]task_work_run+0x14e/0x250 kernel/task_work.c:227[EOL]exit_task_work include/linux/task_work.h:40 [inline][EOL]do_exit+0xad8/0x2d70 kernel/exit.c:938[EOL]do_group_exit+0xd3/0x2a0 kernel/exit.c:1087[EOL]__do_sys_exit_group kernel/exit.c:1098 [inline][EOL]__se_sys_exit_group kernel/exit.c:1096 [inline][EOL]__x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1096[EOL]x64_sys_call+0x151f/0x1720 arch/x86/include/generated/asm/syscalls_64.h:232[EOL]do_syscall_x64 arch/x86/entry/common.c:52 [inline][EOL]do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83[EOL]entry_SYSCALL_64_after_hwframe+0x77/0x7f[EOL]RIP: 0033:0x7f871d58d169[EOL]Code: Unable to access opcode bytes at 0x7f871d58d13f.[EOL]RSP: 002b:00007fff4b19a788 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7[EOL]RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f871d58d169[EOL]RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000[EOL]RBP: 00007fff4b19a7ec R08: 0000000b4b19a87f R09: 00000000000927c0[EOL]R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000003[EOL]R13: 00000000000927c0 R14: 000000000001d553 R15: 00007fff4b19a840[EOL] </TASK>[EOL][EOL]Allocated by task 6059:[EOL] kasan_save_stack+0x33/0x60 mm/kasan/common.c:47[EOL] kasan_save_track+0x14/0x30 mm/kasan/common.c:68[EOL] poison_kmalloc_redzone mm/kasan/common.c:377 [inline][EOL] __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394[EOL] kmalloc_noprof include/linux/slab.h:901 [inline][EOL] kzalloc_noprof include/linux/slab.h:1037 [inline][EOL] vidtv_psi_pat_table_init drivers/media/test-drivers/vidtv/vidtv_psi.c:970[EOL] vidtv_channel_si_init drivers/media/test-drivers/vidtv/vidtv_channel.c:423[EOL] vidtv_mux_init drivers/media/test-drivers/vidtv/vidtv_mux.c:519[EOL] vidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194[EOL] vidtv_start_feed drivers/media/test-drivers/vidtv/vidtv_bridge.c:239[EOL] dmx_section_feed_start_filtering drivers/media/dvb-core/dvb_demux.c:973[EOL] dvb_dmxdev_feed_start drivers/media/dvb-core/dmxdev.c:508 [inline][EOL] dvb_dmxdev_feed_restart.isra.0 drivers/media/dvb-core/dmxdev.c:537[EOL] dvb_dmxdev_filter_stop+0x2b4/0x3a0 drivers/media/dvb-core/dmxdev.c:564[EOL] dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline][EOL] dvb_demux_release+0x92/0x550 drivers/media/dvb-core/dmxdev.c:1246[EOL] __fput+0x3ff/0xb70 fs/file_tabl[EOL]---truncated---

CREATE(Triage):(User=admin) [CVE-2025-38227 (https://nvd.nist.gov/vuln/detail/CVE-2025-38227)
Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube