CVE-2026-31599

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections syzbot reported a general protection fault in vidtv_psi_desc_assign [1]. vidtv_psi_pmt_stream_init() can return NULL on memory allocation failure, but vidtv_channel_pmt_match_sections() does not check for this. When tail is NULL, the subsequent call to vidtv_psi_desc_assign(&tail->descriptor, desc) dereferences a NULL pointer offset, causing a general protection fault. Add a NULL check after vidtv_psi_pmt_stream_init(). On failure, clean up the already-allocated stream chain and return. [1] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:vidtv_psi_desc_assign+0x24/0x90 drivers/media/test-drivers/vidtv/vidtv_psi.c:629 Call Trace: <TASK> vidtv_channel_pmt_match_sections drivers/media/test-drivers/vidtv/vidtv_channel.c:349 [inline] vidtv_channel_si_init+0x1445/0x1a50 drivers/media/test-drivers/vidtv/vidtv_channel.c:479 vidtv_mux_init+0x526/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:519 vidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194 [inline] vidtv_start_feed+0x33e/0x4d0 drivers/media/test-drivers/vidtv/vidtv_bridge.c:239

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/07c1e474cf9acf777f09d14a8f8dfcef5b84e46f	Patch
https://git.kernel.org/stable/c/2dff11fb5098ae453651f8f77e94ad499c078022	Patch
https://git.kernel.org/stable/c/54e18a23e62e81b8335cec3e8e9c5cb33fd88665
https://git.kernel.org/stable/c/5c986b77200b5ea754ba6636deacc7e0942fec9b
https://git.kernel.org/stable/c/93d9e747a9e8a5ca9e3c5e37dcff76b40399139f
https://git.kernel.org/stable/c/b7efb4c94797c504a1c678edb48c2aa311d3309f	Patch
https://git.kernel.org/stable/c/b832cfd516b8504e95884622cee60bf9a39b7945	Patch
https://git.kernel.org/stable/c/e589de36da106ef739ba98f66f5a5c2023370706	Patch
https://git.kernel.org/stable/c/f8e1fc918a9fe67103bcda01d20d745f264d00a7	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

01 Jun 2026, 17:16

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/54e18a23e62e81b8335cec3e8e9c5cb33fd88665 - () https://git.kernel.org/stable/c/5c986b77200b5ea754ba6636deacc7e0942fec9b - () https://git.kernel.org/stable/c/93d9e747a9e8a5ca9e3c5e37dcff76b40399139f -

29 Apr 2026, 20:12

Type	Values Removed	Values Added
CWE		CWE-476
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel::::::::
First Time		Linux Linux linux Kernel
References	~~() https://git.kernel.org/stable/c/07c1e474cf9acf777f09d14a8f8dfcef5b84e46f -~~	() https://git.kernel.org/stable/c/07c1e474cf9acf777f09d14a8f8dfcef5b84e46f - Patch
References	~~() https://git.kernel.org/stable/c/2dff11fb5098ae453651f8f77e94ad499c078022 -~~	() https://git.kernel.org/stable/c/2dff11fb5098ae453651f8f77e94ad499c078022 - Patch
References	~~() https://git.kernel.org/stable/c/b7efb4c94797c504a1c678edb48c2aa311d3309f -~~	() https://git.kernel.org/stable/c/b7efb4c94797c504a1c678edb48c2aa311d3309f - Patch
References	~~() https://git.kernel.org/stable/c/b832cfd516b8504e95884622cee60bf9a39b7945 -~~	() https://git.kernel.org/stable/c/b832cfd516b8504e95884622cee60bf9a39b7945 - Patch
References	~~() https://git.kernel.org/stable/c/e589de36da106ef739ba98f66f5a5c2023370706 -~~	() https://git.kernel.org/stable/c/e589de36da106ef739ba98f66f5a5c2023370706 - Patch
References	~~() https://git.kernel.org/stable/c/f8e1fc918a9fe67103bcda01d20d745f264d00a7 -~~	() https://git.kernel.org/stable/c/f8e1fc918a9fe67103bcda01d20d745f264d00a7 - Patch

27 Apr 2026, 14:16

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/b7efb4c94797c504a1c678edb48c2aa311d3309f -

27 Apr 2026, 12:16

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/f8e1fc918a9fe67103bcda01d20d745f264d00a7 -

24 Apr 2026, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-24 15:16

Updated : 2026-06-17 10:34

NVD link : CVE-2026-31599

Mitre link : CVE-2026-31599

CVE.ORG link : CVE-2026-31599

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10