Memory Leak in Linux Kernel's OV2740 Media Driver
CVE-2023-53349
What is CVE-2023-53349?
A memory leak has been identified in the OV2740 media driver of the Linux kernel. Specifically, the function ov2740_init_controls() fails to release all allocated resources when encountering errors during initialization. This oversight can result in unreferenced objects persisting in memory. The issue becomes evident when utilizing the media/i2c/ov2740.c with a BPF mock device, leading to potential memory inefficiencies and increased resource consumption. Implementing the v4l2_ctrl_handler_free() function is a critical step to mitigate this condition and ensure robust memory management.
Affected Version(s)
Linux 866edc895171f1256aad3e81dce193447955c202
Linux 866edc895171f1256aad3e81dce193447955c202 < 3969b2ebc66039306f505c7c630c5530800f83c0
Linux 866edc895171f1256aad3e81dce193447955c202