CVE-2024-57834

Summary

CVE-2024-57834 is a null-pointer dereference vulnerability found in the Linux kernel's vidtv\_mux\_stop\_thread function. If dvb->mux is not properly initialized during vidtv\_start\_streaming(), a null pointer dereference can occur in vidtv\_mux\_stop\_thread(). This issue was discovered using KASAN and affects the syz-executor248 process running on Google Compute Engine with kernel version 6.13.0-rc4-syzkaller. The vulnerability is located in the vidtv\_mux.c file, specifically at address 0010:vidtv\_mux\_stop\_thread+0x26. To mitigate this issue, appropriate timing adjustments are necessary to ensure that streaming initialization is completed before stopping it.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.