CVE-2023-54208

Vulnerability

A memory leak in ov5675_init_controls()

In the Linux kernel's media subsystem, the ov5675 camera sensor driver contains a memory leak occurs in the ov5675_init_controls() function. When this function fails partway through initialization, it does not properly free all previously allocated resources, specifically the v4l2 control handler. This results in a kmemleak warning showing an unreferenced object of size 16 bytes, as reported when testing with a BPF mock device [1].

##Exploitation and attack surface

The vulnerability is triggered during the driver's probe sequence (ov5675_probe), which calls ov5675_init_controls(). An attacker would need to cause the initialization to fail, for example by providing a faulty device or manipulating the I2C communication. No special privileges are required beyond the ability to interact with the hardware or simulate a device. The leak is exposed when the driver is loaded and the control handler initialization is interrupted.

##Impact

An attacker who can trigger the failure path can cause a memory leak, leading to gradual depletion of kernel memory. Over time, this could contribute to system instability or denial-of-service conditions. The leaked memory is not freed until the system is rebooted, making it a persistent resource drain.

##Mitigation

The fix adds a call to v4l2_ctrl_handler_free() in the error path of ov5675_init_controls(), ensuring all allocated resources are properly released. The patch has been applied to the stable kernel tree [1][2][3]. Users should update to a kernel version containing this fix.