Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix nfeeds state corruption on start_streaming failure syzbot reported a memory leak in vidtv_psi_service_desc_init [1]. When vidtv_start_streaming() fails inside vidtv_start_feed(), the nfeeds counter is left incremented even though no feed was actually started. This corrupts the driver state: subsequent start_feed calls see nfeeds > 1 and skip starting the mux, while stop_feed calls eventually try to stop a non-existent stream. This state corruption can also lead to memory leaks, since the mux and channel resources may be partially allocated during a failed start_streaming but never cleaned up, as the stop path finds dvb->streaming == false and returns early. Fix by decrementing nfeeds back when start_streaming fails, keeping the counter in sync with the actual number of active feeds. [1] BUG: memory leak unreferenced object 0xffff888145b50820 (size 32): comm "syz.0.17", pid 6068, jiffies 4294944486 backtrace (crc 90a0c7d4): vidtv_psi_service_desc_init+0x74/0x1b0 drivers/media/test-drivers/vidtv/vidtv_psi.c:288 vidtv_channel_s302m_init+0xb1/0x2a0 drivers/media/test-drivers/vidtv/vidtv_channel.c:83 vidtv_channels_init+0x1b/0x40 drivers/media/test-drivers/vidtv/vidtv_channel.c:524 vidtv_mux_init+0x516/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:518 vidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194 [inline] vidtv_start_feed+0x33e/0x4d0 drivers/media/test-drivers/vidtv/vidtv_bridge.c:239
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.10, < 6.6.136 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/17cb7957c979529cc98ff57f7ac331532f1f7c83Patch
- https://git.kernel.org/stable/c/25f19e476ab15defe698504212899fdb9f7cd61bPatch
- https://git.kernel.org/stable/c/4bf95f797edd63c93330eafb6d6e670982344b9bPatch
- https://git.kernel.org/stable/c/83110c2c8c46c035c2e0fc8ff3e4991183bf9ccdPatch
- https://git.kernel.org/stable/c/98c22210aeadce67d9d20059f0dbbd01ba7fdbbaPatch
- https://git.kernel.org/stable/c/a0e5a598fe9a4612b852406b51153b881592aedePatch
FAQ
What is CVE-2026-31585?
CVE-2026-31585 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix nfeeds state corruption on start_streaming failure syzbot reported a memory leak in vidtv_psi_service_desc_init ...
How severe is CVE-2026-31585?
CVE-2026-31585 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-31585?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.