CVE-2024-57834: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-57834 affects the Linux kernel's media subsystem, specifically in the vidtv driver component. The vulnerability was discovered and reported by syzbot on February 26, 2025. It involves a null pointer dereference in the vidtv_mux_stop_thread function when dvb->mux is not properly initialized by vidtv_mux_init() during streaming initialization (NVD).

The vulnerability occurs in the Linux kernel's vidtv driver when dvb->mux is not initialized successfully by vidtv_mux_init() in the vidtv_start_streaming() function. This leads to a null pointer dereference in vidtv_mux_stop_thread() when attempting to access the mux pointer. The issue was identified in kernel version 6.13.0-rc4. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a kernel crash due to null pointer dereference, potentially causing a denial of service condition. The impact is limited to local attacks and affects system availability without compromising confidentiality or integrity (NVD).

The issue has been fixed by adjusting the timing of streaming initialization and adding proper checks before stopping the stream. The fix includes moving the streaming flag setting after successful mux initialization and adding a check for the streaming state before attempting to stop the thread (Kernel Patch).