Laurent Pinchart

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A double free issue in the Linux kernel's uvcvideo module has been identified. The problem occurs when the `uvc status init()` function fails to allocate the `int urb`, resulting in the `dev->status` pointer being freed but not reset to NULL. This leads to a double-free attempt when `uvc status cleanup()` is called. The issue is resolved by resetting the `dev->status` pointer to NULL after it is freed. **Recommendations** For the affected Linux kernel version, apply the fix that resets the `dev->status` pointer to NULL after freeing it to prevent the double-free issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a potential deadlock scenario in the Linux kernel, specifically in the media: v4l2-ctrls module. This scenario can occur due to unsafe locking, as shown in the log output. The problem arises from the revert of the commit "media: v4l2-ctrls: show all owned controls in log status". The vulnerability may allow an attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.