CVE-2025-68808
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2026-01-13

Last updated on: 2026-01-19

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: initialize local pointers upon transfer of memory ownership vidtv_channel_si_init() creates a temporary list (program, service, event) and ownership of the memory itself is transferred to the PAT/SDT/EIT tables through vidtv_psi_pat_program_assign(), vidtv_psi_sdt_service_assign(), vidtv_psi_eit_event_assign(). The problem here is that the local pointer where the memory ownership transfer was completed is not initialized to NULL. This causes the vidtv_psi_pmt_create_sec_for_each_pat_entry() function to fail, and in the flow that jumps to free_eit, the memory that was freed by vidtv_psi_*_table_destroy() can be accessed again by vidtv_psi_*_event_destroy() due to the uninitialized local pointer, so it is freed once again. Therefore, to prevent use-after-free and double-free vulnerability, local pointers must be initialized to NULL when transferring memory ownership.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-01-19
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68808
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel's media vidtv component occurs because local pointers are not initialized to NULL after transferring memory ownership. Specifically, functions that assign memory ownership to PAT/SDT/EIT tables do not reset the local pointers, leading to a situation where freed memory can be accessed and freed again. This causes a use-after-free and double-free vulnerability.

Impact Analysis

The vulnerability can lead to use-after-free and double-free conditions, which may cause system instability, crashes, or potential exploitation by attackers to execute arbitrary code or cause denial of service.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version where the vidtv component properly initializes local pointers to NULL upon memory ownership transfer, thereby preventing use-after-free and double-free conditions.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68808. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart