CVE-2023-54183

Summary

In the Linux kernel, the following vulnerability has been resolved:

media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link()

If fwnode_graph_get_remote_endpoint() fails, 'fwnode' is known to be NULL, so fwnode_handle_put() is a no-op.

Release the reference taken from a previous fwnode_graph_get_port_parent() call instead.

Also handle fwnode_graph_get_port_parent() failures.

In order to fix these issues, add an error handling path to the function and the needed gotos.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxca50c197bd9610ea984cfc0dc6855f183cbb46f8 < 2342942331e1f034ff58f293e10d0d9b7581601faffected
LinuxLinuxca50c197bd9610ea984cfc0dc6855f183cbb46f8 < 4bc5ffaf8ac4f3e7a1fcd10a0a0e7b022b694877affected
LinuxLinuxca50c197bd9610ea984cfc0dc6855f183cbb46f8 < d8a8f75fce049bdb3144b607deefe51e996b9660affected
LinuxLinuxca50c197bd9610ea984cfc0dc6855f183cbb46f8 < caf058833b6f3fe7beabf738110f79bb987c8fffaffected
LinuxLinuxca50c197bd9610ea984cfc0dc6855f183cbb46f8 < 25afb3e03bf8ab02567af4b6ffbfd6250a91a9f8affected
LinuxLinuxca50c197bd9610ea984cfc0dc6855f183cbb46f8 < ed1696f7f92e8404940d51dec80a123aa18163a8affected
LinuxLinuxca50c197bd9610ea984cfc0dc6855f183cbb46f8 < e8a1cd87bb9fa3149ee112ecb8058908dc9b520eaffected
LinuxLinuxca50c197bd9610ea984cfc0dc6855f183cbb46f8 < d7b13edd4cb4bfa335b6008ab867ac28582d3e5caffected
LinuxLinux4.13affected
LinuxLinux0 < 4.13unaffected
LinuxLinux4.19.295 <= 4.19.*unaffected
LinuxLinux5.4.257 <= 5.4.*unaffected
LinuxLinux5.10.195 <= 5.10.*unaffected
LinuxLinux5.15.132 <= 5.15.*unaffected
LinuxLinux6.1.53 <= 6.1.*unaffected
LinuxLinux6.4.16 <= 6.4.*unaffected
LinuxLinux6.5.3 <= 6.5.*unaffected
LinuxLinux6.6 <= *unaffected

Weaknesses

References