Acknowledged
Created: Oct 10, 2025
Updated: Oct 17, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish()[EOL][EOL]When the driver calls cx23885_risc_buffer() to prepare the buffer, the[EOL]function call dma_alloc_coherent may fail, resulting in a empty buffer[EOL]risc->cpu. Later when we free the buffer or access the buffer, null ptr[EOL]deref is triggered.[EOL][EOL]This bug is similar to the following one:[EOL]https://git.linuxtv.org/media_stage.git/commit/?id=2b064d91440b33fba5b452f2d1b31f13ae911d71.[EOL][EOL]We believe the bug can be also dynamically triggered from user side.[EOL]Similarly, we fix this by checking the return value of cx23885_risc_buffer()[EOL]and the value of risc->cpu before buffer free.
