CVE-2023-53700
Description
In the Linux kernel, the following vulnerability has been resolved:
media: max9286: Fix memleak in max9286_v4l2_register()
There is a kmemleak when testing the media/i2c/max9286.c with bpf mock device:
kmemleak: 5 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
unreferenced object 0xffff88810defc400 (size 256):
  comm "python3", pid 278, jiffies 4294737563 (age 31.978s)
  hex dump (first 32 bytes):
    28 06 a7 0a 81 88 ff ff 00 fe 22 12 81 88 ff ff  (.........".....
    10 c4 ef 0d 81 88 ff ff 10 c4 ef 0d 81 88 ff ff  ................
  backtrace:
    [<00000000191de6a7>] __kmalloc_node+0x44/0x1b0
    [<000000002f4912b7>] kvmalloc_node+0x34/0x180
    [<0000000057dc4cae>] v4l2_ctrl_new+0x325/0x10f0 [videodev]
    [<0000000026030272>] v4l2_ctrl_new_std+0x16f/0x210 [videodev]
    [<00000000f0d9ea2f>] max9286_probe+0x76e/0xbff [max9286]
    [<00000000ea8f6455>] i2c_device_probe+0x28d/0x680
    [<0000000087529af3>] really_probe+0x17c/0x3f0
    [<00000000b08be526>] __driver_probe_device+0xe3/0x170
    [<000000004382edea>] driver_probe_device+0x49/0x120
    [<000000007bde528a>] __device_attach_driver+0xf7/0x150
    [<000000009f9c6ab4>] bus_for_each_drv+0x114/0x180
    [<00000000c8aaf588>] __device_attach+0x1e5/0x2d0
    [<0000000041cc06b9>] bus_probe_device+0x126/0x140
    [<000000002309860d>] device_add+0x810/0x1130
    [<000000002827bf98>] i2c_new_client_device+0x359/0x4f0
    [<00000000593bdc85>] of_i2c_register_device+0xf1/0x110
max9286_v4l2_register() calls v4l2_ctrl_new_std(), but won't free the created v4l2_ctrl when fwnode_graph_get_endpoint_by_id() failed, which causes the memleak. Call v4l2_ctrl_handler_free() to free the v4l2_ctrl.
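The error path described above, as an added user-space C model (not the kernel driver's code and not the upstream patch). The names priv_model, register_model() and leaked_after() are hypothetical, and malloc()/free() stand in for v4l2_ctrl_new_std() and v4l2_ctrl_handler_free(); the model counts the controls left allocated after repeated failed probes, with and without the cleanup.

```c
#include <stdio.h>
#include <stdlib.h>
/* User-space model: every name below is a hypothetical stand-in, not kernel API. */
struct priv_model { void *ctrl; };   /* driver private data owning the control */

static int ctrl_new(struct priv_model *p)            /* ~ v4l2_ctrl_new_std() */
{
    p->ctrl = malloc(256);
    return p->ctrl ? 0 : -1;
}

static void ctrl_handler_free(struct priv_model *p)  /* ~ v4l2_ctrl_handler_free() */
{
    free(p->ctrl);
    p->ctrl = NULL;
}

static int register_model(struct priv_model *p, int have_endpoint, int fixed)
{
    if (ctrl_new(p))
        return -1;
    if (!have_endpoint) {            /* ~ fwnode_graph_get_endpoint_by_id() failed */
        if (fixed)
            ctrl_handler_free(p);    /* cleanup on the error path */
        return -1;                   /* unfixed: returns with the control still live */
    }
    return 0;
}

/* Runs n probes and counts those that fail while leaving a control allocated. */
static int leaked_after(int n, int have_endpoint, int fixed)
{
    int leaked = 0;
    for (int i = 0; i < n; i++) {
        struct priv_model p = { 0 };
        if (register_model(&p, have_endpoint, fixed) == 0)
            ctrl_handler_free(&p);   /* stands in for a clean remove() */
        if (p.ctrl) {                /* failed probe left the control behind */
            leaked++;
            ctrl_handler_free(&p);   /* the harness reclaims it; the kernel would not */
        }
    }
    return leaked;
}

int main(void)
{
    printf("unfixed: %d, fixed: %d\n", leaked_after(5, 0, 0), leaked_after(5, 0, 1));
    return 0;
}
```

The leak count grows by one per failed probe in the unfixed path, which is why repeated bind attempts matter more than a single failure.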
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Memory leak in Linux kernel's max9286 driver due to missing v4l2_ctrl_handler_free() on error path, fixed by adding cleanup.
In the Linux kernel's max9286 media driver, a memory leak occurs during device probe. The function max9286_v4l2_register() allocates a V4L2 control via v4l2_ctrl_new_std(), but if the subsequent call to fwnode_graph_get_endpoint_by_id() fails, the allocated control is not freed. This results in a kmemleak report and memory exhaustion over repeated probe attempts [1][2].
The vulnerability is triggered when the device driver encounters an error during the device tree endpoint lookup. An attacker with the ability to influence the probe sequence, such as by providing malformed device tree data or manipulating the hardware, could cause the driver to leak memory each time it attempts to register. While no specific prerequisites are detailed, the issue was discovered using a BPF mock device, indicating that local access may be sufficient.
The impact is a memory leak that can lead to system memory depletion and potential denial of service. If the device is repeatedly probed (e.g., due to hotplug or driver unbind/bind), the leaked memory accumulates, eventually exhausting available memory and crashing the system.
The fix is to call v4l2_ctrl_handler_free() in the error path to release the allocated control. This patch has been applied to stable Linux kernel branches, and users should update to the latest kernel version to mitigate the vulnerability [1][2].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1
Patches
5
- 505ff3a0c595
- 5897fe3ebe82
- 724039e013b3
- 5e31213fa017
- 8636c5fc7658
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5
- git.kernel.org/stable/c/505ff3a0c5951684c3a43094ca4c1a74683d5681 (nvd)
- git.kernel.org/stable/c/5897fe3ebe8252993579e1bee715ebfe5504e052 (nvd)
- git.kernel.org/stable/c/5e31213fa017c20ccc989033a5f4a626473aa2ca (nvd)
- git.kernel.org/stable/c/724039e013b34f46344abdbf8c74e6a65a828327 (nvd)
- git.kernel.org/stable/c/8636c5fc7658c7c6299fb8b352d24ea4b9ba99e2 (nvd)