120571 – CVE-2010-5321 Multiple mmap() calls to v4l drivers using videobuf leak memory

Bug 120571 - CVE-2010-5321 Multiple mmap() calls to v4l drivers using videobuf leak memory

Summary: CVE-2010-5321 Multiple mmap() calls to v4l drivers using videobuf leak memory

Status:	NEW

Alias:	None

Product:	v4l-dvb
Classification:	Unclassified
Component:	v4l-core (show other bugs)
Hardware:	All Linux

Importance:	P1 normal
Assignee:	v4l-dvb_v4l-core@kernel-bugs.osdl.org

URL:
Keywords:

Depends on:
Blocks:

Reported:	2016-06-17 23:07 UTC by Petter Reinholdtsen
Modified:	2016-06-17 23:07 UTC (History)
CC List:	0 users

See Also:
Kernel Version:	3.2.78
Subsystem:
Regression:	No
Bisected commit-id:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Petter Reinholdtsen 2016-06-17 23:07:32 UTC

Hi.

In 2010 a memory leak issue in the v4l mmap() code was reported in
<URL: https://bugzilla.redhat.com/show_bug.cgi?id=620629 >.  This is the description:

  "Since videobuf allocates memory on mmap(), calling mmap enough times for the same buffer (offset) resulted in a new memory allocation by videobuf on each such call and losing the old allocation, resulting in a leak each time and the system running out of memory."

As far as I can tell, the issue is still present in the drivers using the videobuf code.

I've reported the issue to Debian as <URL: https://bugs.debian.org/827340 > and the security issue is tracked on <URL: https://security-tracker.debian.org/tracker/CVE-2010-5321 >.  Reporting it here to make sure the kernel developers are aware of the issue.

I've tried to reproduce the issue myself without success, but believe I have not been able to test with the right hardware.

I'm not sure which kernel version the issue was introduced, but set 3.2.78 as it is the oldest one reported in the Debian security tracker.

Note You need to log in before you can comment on or make changes to this bug.