SB20240531360 - Memory leak in Linux kernel media v4l2-core driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory leak (CVE-ID: CVE-2024-27077)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the v4l2_m2m_register_entity() function in drivers/media/v4l2-core/v4l2-mem2mem.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/3dd8abb0ed0e0a7c66d6d677c86ccb188cc39333
• https://git.kernel.org/stable/c/0175f2d34c85744f9ad6554f696cf0afb5bd04e4
• https://git.kernel.org/stable/c/afd2a82fe300032f63f8be5d6cd6981e75f8bbf2
• https://git.kernel.org/stable/c/dc866b69cc51af9b8509b4731b8ce2a4950cd0ef
• https://git.kernel.org/stable/c/0c9550b032de48d6a7fa6a4ddc09699d64d9300d
• https://git.kernel.org/stable/c/90029b9c979b60de5cb2b70ade4bbf61d561bc5d
• https://git.kernel.org/stable/c/5dc319cc3c4f7b74f7dfba349aa26f87efb52458
• https://git.kernel.org/stable/c/9c23ef30e840fedc66948299509f6c2777c9cf4f
• https://git.kernel.org/stable/c/8f94b49a5b5d386c038e355bef6347298aabd211
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.311
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.214
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.153
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.273
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.83
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.23
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.11
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.2