PT-2024-34008 · Linux+3 · Linux Kernel+3

Johan Hovold · Published 2024-07-29 · Updated 2025-04-01 · CVE-2024-50175

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is in the Linux kernel's media: qcom: camss component. It was resolved by removing the use_count guard in stop_streaming(). The use_count check was introduced to handle multiple concurrent Raw Data Interfaces (RDIs) driven by different virtual channels (VCs) on the CSIPHY input driving the video pipeline. This is an invalid use of use_count, however: it counts the number of times a video entity has been opened by user space, not the number of active streams. If use_count and the stream-on count do not agree, stop_streaming() breaks, which became apparent when using CAMSS with libcamera's released softisp 0.3. Using use_count this way is hacky and breaks regular use of CAMSS in the single-stream case: stopping qcam results in an error, and it cannot be started again, with attempts to do so failing with -EBUSY.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
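
The failure mode in the description, as a simplified model added here for illustration (not the camss driver source). All names are hypothetical, and the `> 1` threshold and the "hardware still marked running" cause of -EBUSY are assumptions of the model:

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Simplified model with hypothetical names; not the camss driver source. */
struct entity {
    int  use_count;    /* times user space has opened the video entity */
    bool hw_streaming; /* pipeline hardware currently running */
};

/* Assumption: starting fails while the hardware is still marked running. */
static int start_streaming(struct entity *e)
{
    if (e->hw_streaming)
        return -EBUSY;
    e->hw_streaming = true;
    return 0;
}

/* 'Before': teardown is skipped when the open count is above one,
 * even if only a single stream is active. */
static void stop_streaming_guarded(struct entity *e)
{
    if (e->use_count > 1)
        return; /* wrongly treats extra opens as extra active streams */
    e->hw_streaming = false;
}

/* 'After': no use-count guard, the stream is always stopped. */
static void stop_streaming_fixed(struct entity *e)
{
    e->hw_streaming = false;
}

/* One stream on an entity opened `opens` times: start, stop, start again.
 * Returns the result of the second start. */
int restart_after_stop(int opens, bool guarded)
{
    struct entity e = { .use_count = opens, .hw_streaming = false };

    if (start_streaming(&e) != 0)
        return -1;
    if (guarded)
        stop_streaming_guarded(&e);
    else
        stop_streaming_fixed(&e);
    return start_streaming(&e);
}

int main(void)
{
    printf("guarded, 2 opens: %d\n", restart_after_stop(2, true));
    printf("fixed,   2 opens: %d\n", restart_after_stop(2, false));
    return 0;
}
```

With one open the guarded path restarts cleanly, which is why the mismatch only shows up when the open count and the stream-on count diverge.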

Related Identifiers

BDU:2025-07913
CVE-2024-50175
OESA-2025-1097
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2024_4314-1
OPENSUSE-SU-2024_4316-1
OPENSUSE-SU-2025:14705-1
SUSE-SU-2024:4314-1
SUSE-SU-2024:4316-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-7301-1
USN-7303-1
USN-7303-2
USN-7303-3
USN-7304-1
USN-7311-1
USN-7384-1
USN-7384-2
USN-7385-1
USN-7386-1
USN-7403-1

Affected Products

Linuxmint
Linux Kernel
Suse
Ubuntu