FKIE_CVE-2023-54208

Vulnerability from fkie_nvd - Published: 2025-12-30 13:16 - Updated: 2025-12-30 13:16
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: media: ov5675: Fix memleak in ov5675_init_controls() There is a kmemleak when testing the media/i2c/ov5675.c with bpf mock device: AssertionError: unreferenced object 0xffff888107362160 (size 16): comm "python3", pid 277, jiffies 4294832798 (age 20.722s) hex dump (first 16 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000abe7d67c>] __kmalloc_node+0x44/0x1b0 [<000000008a725aac>] kvmalloc_node+0x34/0x180 [<000000009a53cd11>] v4l2_ctrl_handler_init_class+0x11d/0x180 [videodev] [<0000000055b46db0>] ov5675_probe+0x38b/0x897 [ov5675] [<00000000153d886c>] i2c_device_probe+0x28d/0x680 [<000000004afb7e8f>] really_probe+0x17c/0x3f0 [<00000000ff2f18e4>] __driver_probe_device+0xe3/0x170 [<000000000a001029>] driver_probe_device+0x49/0x120 [<00000000e39743c7>] __device_attach_driver+0xf7/0x150 [<00000000d32fd070>] bus_for_each_drv+0x114/0x180 [<000000009083ac41>] __device_attach+0x1e5/0x2d0 [<0000000015b4a830>] bus_probe_device+0x126/0x140 [<000000007813deaf>] device_add+0x810/0x1130 [<000000007becb867>] i2c_new_client_device+0x386/0x540 [<000000007f9cf4b4>] of_i2c_register_device+0xf1/0x110 [<00000000ebfdd032>] of_i2c_notify+0xfc/0x1f0 ov5675_init_controls() won't clean all the allocated resources in fail path, which may causes the memleaks. Add v4l2_ctrl_handler_free() to prevent memleak.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/086a80b842bcb621d6c4eedad20683f1f674d0c2
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/49b849824b9862f177fc77fc92ef95ec54566ecf
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7a36a6be694df87d019663863b922913947b42af
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ba54908ae8225d58f1830edb394d4153bcb7d0aa
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/bcae9115a163198dce9126aa8bedc1c007ec30ed
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/dd74ed6c213003533e3abf4c204374ef01d86978
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ov5675: Fix memleak in ov5675_init_controls()\n\nThere is a kmemleak when testing the media/i2c/ov5675.c with bpf mock\ndevice:\n\nAssertionError: unreferenced object 0xffff888107362160 (size 16):\n  comm \"python3\", pid 277, jiffies 4294832798 (age 20.722s)\n  hex dump (first 16 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [\u003c00000000abe7d67c\u003e] __kmalloc_node+0x44/0x1b0\n    [\u003c000000008a725aac\u003e] kvmalloc_node+0x34/0x180\n    [\u003c000000009a53cd11\u003e] v4l2_ctrl_handler_init_class+0x11d/0x180\n[videodev]\n    [\u003c0000000055b46db0\u003e] ov5675_probe+0x38b/0x897 [ov5675]\n    [\u003c00000000153d886c\u003e] i2c_device_probe+0x28d/0x680\n    [\u003c000000004afb7e8f\u003e] really_probe+0x17c/0x3f0\n    [\u003c00000000ff2f18e4\u003e] __driver_probe_device+0xe3/0x170\n    [\u003c000000000a001029\u003e] driver_probe_device+0x49/0x120\n    [\u003c00000000e39743c7\u003e] __device_attach_driver+0xf7/0x150\n    [\u003c00000000d32fd070\u003e] bus_for_each_drv+0x114/0x180\n    [\u003c000000009083ac41\u003e] __device_attach+0x1e5/0x2d0\n    [\u003c0000000015b4a830\u003e] bus_probe_device+0x126/0x140\n    [\u003c000000007813deaf\u003e] device_add+0x810/0x1130\n    [\u003c000000007becb867\u003e] i2c_new_client_device+0x386/0x540\n    [\u003c000000007f9cf4b4\u003e] of_i2c_register_device+0xf1/0x110\n    [\u003c00000000ebfdd032\u003e] of_i2c_notify+0xfc/0x1f0\n\nov5675_init_controls() won\u0027t clean all the allocated resources in fail\npath, which may causes the memleaks. Add v4l2_ctrl_handler_free() to\nprevent memleak."
    }
  ],
  "id": "CVE-2023-54208",
  "lastModified": "2025-12-30T13:16:08.977",
  "metrics": {},
  "published": "2025-12-30T13:16:08.977",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/086a80b842bcb621d6c4eedad20683f1f674d0c2"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/49b849824b9862f177fc77fc92ef95ec54566ecf"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/7a36a6be694df87d019663863b922913947b42af"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ba54908ae8225d58f1830edb394d4153bcb7d0aa"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/bcae9115a163198dce9126aa8bedc1c007ec30ed"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/dd74ed6c213003533e3abf4c204374ef01d86978"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Received"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.