[SRU][N][PATCH 0/1] CVE-2025-38227
Alice C. Munduruca
alice.munduruca at canonical.com
Tue Oct 7 14:29:47 UTC 2025
[ Impact ]
A Use-After-Free bug is possible in the example driver `vidtv`.
If the function `vidtv_channel_si_init` fails, we should terminate
the subsequent process to avoid it accessing the freed `si` member.
[ Fix ]
noble: clean cherry pick from upstream commit.
[ Tests ]
Compile and boot tested.
[ Where problems could occur ]
Given that only the return value of the function changes, there is
very little chance of regression given that only the failing behavior
changes. Additionally, this is an example driver and so the risk of
impact is non-existent.
Edward Adam Davis (1):
media: vidtv: Terminating the subsequent process of initialization
failure
drivers/media/test-drivers/vidtv/vidtv_channel.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
2.51.0
More information about the kernel-team
mailing list