CVE-2023-54208

Summary

In the Linux kernel, the following vulnerability has been resolved:

media: ov5675: Fix memleak in ov5675_init_controls()

There is a kmemleak when testing the media/i2c/ov5675.c with bpf mock device:

AssertionError: unreferenced object 0xffff888107362160 (size 16): comm "python3", pid 277, jiffies 4294832798 (age 20.722s) hex dump (first 16 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ……………. backtrace: [<00000000abe7d67c>] __kmalloc_node+0x44/0x1b0 [<000000008a725aac>] kvmalloc_node+0x34/0x180 [<000000009a53cd11>] v4l2_ctrl_handler_init_class+0x11d/0x180 [videodev] [<0000000055b46db0>] ov5675_probe+0x38b/0x897 [ov5675] [<00000000153d886c>] i2c_device_probe+0x28d/0x680 [<000000004afb7e8f>] really_probe+0x17c/0x3f0 [<00000000ff2f18e4>] __driver_probe_device+0xe3/0x170 [<000000000a001029>] driver_probe_device+0x49/0x120 [<00000000e39743c7>] __device_attach_driver+0xf7/0x150 [<00000000d32fd070>] bus_for_each_drv+0x114/0x180 [<000000009083ac41>] __device_attach+0x1e5/0x2d0 [<0000000015b4a830>] bus_probe_device+0x126/0x140 [<000000007813deaf>] device_add+0x810/0x1130 [<000000007becb867>] i2c_new_client_device+0x386/0x540 [<000000007f9cf4b4>] of_i2c_register_device+0xf1/0x110 [<00000000ebfdd032>] of_i2c_notify+0xfc/0x1f0

ov5675_init_controls() won't clean all the allocated resources in fail path, which may causes the memleaks. Add v4l2_ctrl_handler_free() to prevent memleak.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxbf27502b1f3bf8095bf81736e506d354a2ce9ec4 < 086a80b842bcb621d6c4eedad20683f1f674d0c2affected
LinuxLinuxbf27502b1f3bf8095bf81736e506d354a2ce9ec4 < bcae9115a163198dce9126aa8bedc1c007ec30edaffected
LinuxLinuxbf27502b1f3bf8095bf81736e506d354a2ce9ec4 < ba54908ae8225d58f1830edb394d4153bcb7d0aaaffected
LinuxLinuxbf27502b1f3bf8095bf81736e506d354a2ce9ec4 < 49b849824b9862f177fc77fc92ef95ec54566ecfaffected
LinuxLinuxbf27502b1f3bf8095bf81736e506d354a2ce9ec4 < 7a36a6be694df87d019663863b922913947b42afaffected
LinuxLinuxbf27502b1f3bf8095bf81736e506d354a2ce9ec4 < dd74ed6c213003533e3abf4c204374ef01d86978affected
LinuxLinux5.4affected
LinuxLinux0 < 5.4unaffected
LinuxLinux5.4.235 <= 5.4.*unaffected
LinuxLinux5.10.173 <= 5.10.*unaffected
LinuxLinux5.15.99 <= 5.15.*unaffected
LinuxLinux6.1.16 <= 6.1.*unaffected
LinuxLinux6.2.3 <= 6.2.*unaffected
LinuxLinux6.3 <= *unaffected

Weaknesses

References