Bug 120571

Summary: CVE-2010-5321 Multiple mmap() calls to v4l drivers using videobuf leak memory
Product: v4l-dvb
Reporter: Petter Reinholdtsen (pere)
Component: v4l-core
Assignee: v4l-dvb_v4l-core (v4l-dvb_v4l-core)
Status: NEW ---
Severity: normal
Priority: P1
Hardware: All
OS: Linux
Kernel Version: 3.2.78
Subsystem:
Regression: No
Bisected commit-id:

Description Petter Reinholdtsen 2016-06-17 23:07:32 UTC
Hi.

In 2010 a memory leak issue in the v4l mmap() code was reported in
<URL: https://bugzilla.redhat.com/show_bug.cgi?id=620629 >.  This is the description:

  "Since videobuf allocates memory on mmap(), calling mmap enough times for the same buffer (offset) resulted in a new memory allocation by videobuf on each such call and losing the old allocation, resulting in a leak each time and the system running out of memory."

As far as I can tell, the issue is still present in the drivers using the videobuf code.

I've reported the issue to Debian as <URL: https://bugs.debian.org/827340 > and the security issue is tracked on <URL: https://security-tracker.debian.org/tracker/CVE-2010-5321 >.  Reporting it here to make sure the kernel developers are aware of the issue.

I've tried to reproduce the issue myself without success, but believe I have not been able to test with the right hardware.

I'm not sure in which kernel version the issue was introduced, but I set 3.2.78 as it is the oldest one reported in the Debian security tracker.
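
The allocation pattern in the quoted description, as a userspace model added here (it is not code from this report, from videobuf, or from any kernel patch). `model_queue`, `map_leaky`, `map_guarded`, `release_all` and `leaked_after` are hypothetical names, and the guard is an assumed mitigation for illustration, not a fix the kernel is known to have adopted.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userspace model only; every name here is hypothetical, not the videobuf API. */
#define NBUF 4
struct model_queue { void *mem[NBUF]; size_t live; }; /* live = not yet freed */
typedef int (*map_fn)(struct model_queue *, unsigned);

/* Pattern from the report: allocate on every mmap() of the same buffer. */
static int map_leaky(struct model_queue *q, unsigned idx)
{
    void *p = idx < NBUF ? malloc(4096) : NULL;
    if (!p)
        return -1;
    q->mem[idx] = p;   /* overwrites the only reference to the old block */
    q->live++;
    return 0;
}

/* Assumed mitigation: refuse a new allocation while one is recorded. */
static int map_guarded(struct model_queue *q, unsigned idx)
{
    if (idx < NBUF && q->mem[idx])
        return -1;
    return map_leaky(q, idx);
}

/* Free what is still reachable; return the allocations that were lost. */
static size_t release_all(struct model_queue *q)
{
    for (unsigned i = 0; i < NBUF; i++)
        if (q->mem[i]) {
            free(q->mem[i]);
            q->live--;
        }
    return q->live;
}

static size_t leaked_after(map_fn map, int calls)
{
    struct model_queue q = {{0}, 0};
    for (int i = 0; i < calls; i++)
        map(&q, 0);    /* same buffer (offset) every time */
    return release_all(&q);
}

int main(void)
{
    printf("lost: leaky=%zu guarded=%zu\n", leaked_after(map_leaky, 5), leaked_after(map_guarded, 5));
    return 0;
}
```

In the model, every repeated mapping after the first leaves one allocation that teardown can no longer reach, which is the growth the report describes.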