Bug 120571 - CVE-2010-5321 Multiple mmap() calls to v4l drivers using videobuf leak memory
Summary: CVE-2010-5321 Multiple mmap() calls to v4l drivers using videobuf leak memory
Status: NEW
Alias: None
Product: v4l-dvb
Classification: Unclassified
Component: v4l-core (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: v4l-dvb_v4l-core@kernel-bugs.osdl.org
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-06-17 23:07 UTC by Petter Reinholdtsen
Modified: 2016-06-17 23:07 UTC (History)
0 users

See Also:
Kernel Version: 3.2.78
Tree: Mainline
Regression: No


Attachments

Description Petter Reinholdtsen 2016-06-17 23:07:32 UTC
Hi.

In 2010 a memory leak issue in the v4l mmap() code was reported in
<URL: https://bugzilla.redhat.com/show_bug.cgi?id=620629 >.  This is the description:

  "Since videobuf allocates memory on mmap(), calling mmap enough times for the same buffer (offset) resulted in a new memory allocation by videobuf on each such call and losing the old allocation, resulting in a leak each time and the system running out of memory."

As far as I can tell, the issue is still present in the drivers using the videobuf code.

I've reported the issue to Debian as <URL: https://bugs.debian.org/827340 > and the security issue is tracked on <URL: https://security-tracker.debian.org/tracker/CVE-2010-5321 >.  Reporting it here to make sure the kernel developers are aware of the issue.

I've tried to reproduce the issue myself without success, but believe I have not been able to test with the right hardware.

I'm not sure which kernel version the issue was introduced, but set 3.2.78 as it is the oldest one reported in the Debian security tracker.

Note You need to log in before you can comment on or make changes to this bug.