CVE-2023-53637
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
07/10/2025
Last modified:
08/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
media: i2c: ov772x: Fix memleak in ov772x_probe()<br />
<br />
A memory leak was reported when testing ov772x with bpf mock device:<br />
<br />
AssertionError: unreferenced object 0xffff888109afa7a8 (size 8):<br />
comm "python3", pid 279, jiffies 4294805921 (age 20.681s)<br />
hex dump (first 8 bytes):<br />
80 22 88 15 81 88 ff ff ."......<br />
backtrace:<br />
[] __kmalloc_node+0x44/0x1b0<br />
[] kvmalloc_node+0x34/0x180<br />
[] v4l2_ctrl_handler_init_class+0x11d/0x180 [videodev]<br />
[] ov772x_probe+0x1c3/0x68c [ov772x]<br />
[] i2c_device_probe+0x28d/0x680<br />
[] really_probe+0x17c/0x3f0<br />
[] __driver_probe_device+0xe3/0x170<br />
[] driver_probe_device+0x49/0x120<br />
[] __device_attach_driver+0xf7/0x150<br />
[] bus_for_each_drv+0x114/0x180<br />
[] __device_attach+0x1e5/0x2d0<br />
[] bus_probe_device+0x126/0x140<br />
[] device_add+0x810/0x1130<br />
[] i2c_new_client_device+0x359/0x4f0<br />
[] of_i2c_register_device+0xf1/0x110<br />
[] of_i2c_notify+0x100/0x160<br />
unreferenced object 0xffff888119825c00 (size 256):<br />
comm "python3", pid 279, jiffies 4294805921 (age 20.681s)<br />
hex dump (first 32 bytes):<br />
00 b4 a5 17 81 88 ff ff 00 5e 82 19 81 88 ff ff .........^......<br />
10 5c 82 19 81 88 ff ff 10 5c 82 19 81 88 ff ff .\.......\......<br />
backtrace:<br />
[] __kmalloc_node+0x44/0x1b0<br />
[] kvmalloc_node+0x34/0x180<br />
[] v4l2_ctrl_new.cold+0x19b/0x86f [videodev]<br />
[] v4l2_ctrl_new_std+0x16f/0x210 [videodev]<br />
[] ov772x_probe+0x1fa/0x68c [ov772x]<br />
[] i2c_device_probe+0x28d/0x680<br />
[] really_probe+0x17c/0x3f0<br />
[] __driver_probe_device+0xe3/0x170<br />
[] driver_probe_device+0x49/0x120<br />
[] __device_attach_driver+0xf7/0x150<br />
[] bus_for_each_drv+0x114/0x180<br />
[] __device_attach+0x1e5/0x2d0<br />
[] bus_probe_device+0x126/0x140<br />
[] device_add+0x810/0x1130<br />
[] i2c_new_client_device+0x359/0x4f0<br />
[] of_i2c_register_device+0xf1/0x110<br />
<br />
The reason is that if priv->hdl.error is set, ov772x_probe() jumps to the<br />
error_mutex_destroy without doing v4l2_ctrl_handler_free(), and all<br />
resources allocated in v4l2_ctrl_handler_init() and v4l2_ctrl_new_std()<br />
are leaked.
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/1da495101ef7507eb4f4b1dbec2874d740eff251
- https://git.kernel.org/stable/c/448ce1cd50387b1345ec14eb191ef05f7afc2a26
- https://git.kernel.org/stable/c/7485edb2b6ca5960205c0a49bedfd09bba30e521
- https://git.kernel.org/stable/c/ac93f8ac66e60227bed42d5a023f0e6c15b52c0a
- https://git.kernel.org/stable/c/c86d760c1c6855a6131e78d0ddacc48c79324ac3
- https://git.kernel.org/stable/c/cc3b6011d7a9f149489eb9420c6305a779162c57
- https://git.kernel.org/stable/c/dfaafeb8e9537969e8dba75491f732478c7fa9d6