CVE-2022-50757
Description
In the Linux kernel, the following vulnerability has been resolved:
media: camss: Clean up received buffers on failed start of streaming
It is required to return the received buffers, if streaming can not be started. For instance media_pipeline_start() may fail with EPIPE, if a link validation between entities is not passed, and in such a case a user gets a kernel warning:
WARNING: CPU: 1 PID: 520 at drivers/media/common/videobuf2/videobuf2-core.c:1592 vb2_start_streaming+0xec/0x160
Call trace: vb2_start_streaming+0xec/0x160 vb2_core_streamon+0x9c/0x1a0 vb2_ioctl_streamon+0x68/0xbc v4l_streamon+0x30/0x3c __video_do_ioctl+0x184/0x3e0 video_usercopy+0x37c/0x7b0 video_ioctl2+0x24/0x40 v4l2_ioctl+0x4c/0x70
The fix is to correct the error path in video_start_streaming() of camss.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's camss driver, a failed start of streaming fails to return buffers, causing a kernel warning; patched in stable updates.
Vulnerability
In the Linux kernel's camss (Camera Subsystem) driver, when starting video streaming fails (e.g., due to media pipeline validation failure returning EPIPE), the driver fails to return the received buffers to the videobuf2 framework. This triggers a kernel warning from vb2_start_streaming() because it expects all buffers to be returned after a failed start [1][2].
Exploitation
The vulnerability is triggered by attempting to start a video stream when the media pipeline link validation fails. This can be caused by a user-space application initiating streaming with an invalid configuration. No special privileges beyond access to the camera device are required; however, the attacker must be able to interact with the V4L2 interface.
Impact
The bug results in a kernel stack trace and warning message being logged, which can fill system logs and cause a denial of service if repeated. While the warning itself is not exploitable for privilege escalation, it indicates a broken error handling path that could be leveraged in conjunction with other vulnerabilities [3].
Mitigation
The fix is included in Linux kernel stable updates: commits c8f3582345e6, d1c44928bb3c, 24df4fa3e795, and 75954cde8a5c. Affected systems should apply the latest kernel updates to prevent this warning [4].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
8c8f3582345e675954cde8a5c04c734c716a9fe443b3fe36c3d5cab726e3bd1c44928bb3cf05326a440dc24df4fa3e795Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8- git.kernel.org/stable/c/04c734c716a97f1493b1edac41316aaed1d2a9d9nvd
- git.kernel.org/stable/c/24df4fa3e795fb4b15fd4d3c036596e0978d265anvd
- git.kernel.org/stable/c/3d5cab726e3b370fea1b6e67183f0e13c409ce5cnvd
- git.kernel.org/stable/c/75954cde8a5ca84003b24b6bf83197240935bd74nvd
- git.kernel.org/stable/c/c8f3582345e6a69da65ab588f7c4c2d1685b0e80nvd
- git.kernel.org/stable/c/d1c44928bb3ca0ec88e7ad5937a2a26a259aede6nvd
- git.kernel.org/stable/c/f05326a440dc31b91b688b2f3f15b7347894a50bnvd
- git.kernel.org/stable/c/fe443b3fe36cd23d4f5dc6d825d34322e7c89f0cnvd
News mentions
0No linked articles in our index yet.