PT-2017-4905 · Linux+2 · Linux Kernel+2

Eugene Teo · Published 2017-04-24 · Updated 2026-03-13 · CVE-2010-5321

CVSS v2.0: 4.9 (Medium)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.6.x through 4.x
Description: The issue is a memory leak in the videobuf subsystem, specifically in the drivers/media/video/videobuf-core.c file. This allows local users to cause a denial of service by consuming memory through a series of mmap calls that require new allocations, leveraging access to /dev/video. As of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf.
Recommendations: For Linux kernel versions 2.6.x through 4.x, consider updating the affected drivers to use videobuf2 instead of videobuf to mitigate the risk of memory consumption. As a temporary workaround, restrict access to /dev/video to minimize the risk of exploitation.

Fix

DoS

Missing Release of Resource after Effective Lifetime

Weakness Enumeration

Related Identifiers

ALT-PU-2019-1437
ALT-PU-2019-1506
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
CVE-2010-5321
ECHO-9C16-41B4-02FB

Affected Products

Alt Linux
Debian
Linux Kernel