Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +3 more
A double free vulnerability has been identified in the Linux kernel's DVB core media device registration process. The issue arises in the 'dvb_register_device()' function, specifically within its call to 'dvb_create_media_entity()'. There, 'dvb->entity' is allocated and initialized; if the initialization fails, the function frees 'dvb->entity' and returns an error code. The caller handles this error by calling 'dvb_media_device_free()', which unregisters the entity and frees the field again if it is not NULL. However, 'dvb->entity' may be left non-NULL in 'dvb_create_media_entity()' if the allocation of 'dvbdev->pad' fails, which leads to a double free. The flaw can also cause a use-after-free in 'media_device_unregister_entity()'. The vulnerability affects several versions of the Linux kernel.
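The error path described above, as a userspace model added for illustration (not kernel code and not the upstream patch). `struct model_dev`, `create_entity()`, `device_free()`, `register_device()` and the tracking allocator are hypothetical stand-ins, and the `fixed` branch that clears the pointer after freeing is an assumed remedy inferred from the description.

```c
#include <stdio.h>

/* Userspace model: all names are hypothetical stand-ins, not kernel symbols. */
struct model_dev { void *entity; void *pads; };

static char pool[4][16];   /* tiny tracking allocator, so a second free */
static int in_use[4];      /* is counted instead of corrupting a heap   */
static int double_frees;

static void *t_alloc(int fail) {
    for (int i = 0; !fail && i < 4; i++)
        if (!in_use[i]) { in_use[i] = 1; return pool[i]; }
    return NULL;
}

static void t_free(void *p) {
    if (!p) return;                                /* NULL is a no-op, as with kfree() */
    int i = (int)(((char *)p - pool[0]) / 16);
    if (in_use[i]) in_use[i] = 0; else double_frees++;
}

/* Models the callee: frees entity when the pad allocation fails. */
static int create_entity(struct model_dev *d, int fail_pads, int fixed) {
    d->entity = t_alloc(0);
    if (!d->entity) return -1;
    d->pads = t_alloc(fail_pads);
    if (!d->pads) {
        t_free(d->entity);
        if (fixed) d->entity = NULL;   /* assumed remedy: leave no stale pointer */
        return -1;
    }
    return 0;
}

/* Models the caller's cleanup: frees every non-NULL field. */
static void device_free(struct model_dev *d) {
    t_free(d->entity); d->entity = NULL;
    t_free(d->pads);   d->pads = NULL;
}

/* Returns how many double frees the run produced. */
int register_device(int fail_pads, int fixed) {
    struct model_dev d = {0};
    double_frees = 0;
    create_entity(&d, fail_pads, fixed);
    device_free(&d);      /* error-path cleanup (also teardown on success) */
    return double_frees;
}

int main(void) {
    printf("stale pointer:   %d double free(s)\n", register_device(1, 0));
    printf("pointer cleared: %d double free(s)\n", register_device(1, 1));
    return 0;
}
```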