CVE-2023-53637

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A memory leak was identified in the ov772x probe() function within the Linux kernel's i2c subsystem. This leak occurs when the priv->hdl.error condition is met, causing the function to skip the necessary resource deallocation in v4l2 ctrl handler free(), which is called after v4l2 ctrl handler init() and v4l2 ctrl new std(). The issue was discovered during testing with a bpf mock device, resulting in unreferenced objects in memory. The backtrace indicates involvement of functions such as kmalloc node, kvmalloc node, v4l2 ctrl handler init class, ov772x probe, i2c device probe, and others related to device probing and initialization.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.