Headline
CVE-2019-19054: media: rc: prevent memory leak in cx23888_ir_probe · torvalds/linux@a7b2df7
A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.
Permalink
Browse files
media: rc: prevent memory leak in cx23888_ir_probe
In cx23888_ir_probe if kfifo_alloc fails the allocated memory for state should be released.
Signed-off-by: Navid Emamdoost [email protected] Signed-off-by: Sean Young [email protected] Signed-off-by: Mauro Carvalho Chehab [email protected]
- Loading branch information
1 parent 3eab054 commit a7b2df76b42bdd026e3106cf2ba97db41345a177
Showing 1 changed file with 4 additions and 1 deletion.
@@ -1167,8 +1167,11 @@ int cx23888_ir_probe(struct cx23885_dev *dev)
return -ENOMEM;
spin_lock_init(&state->rx_kfifo_lock);
if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE, GFP_KERNEL))
if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE,
GFP_KERNEL)) {
kfree(state);
return -ENOMEM;
}
state->dev = dev;
sd = &state->sd;
1 comment on commit a7b2df7
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
in cx23888_ir_probe function, when v4l2_device_register_subdev failed, why not release state memory?
if v4l2_device_register_subdev failed, state variable will not add v4l2_dev->subdevs list, then it memory will never release.
Please sign in to comment.
Related news
Dell EMC Metro node, Version(s) prior to 7.1, contain a Code Injection Vulnerability. An authenticated nonprivileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application.