CVE-2023-53637 (GCVE-0-2023-53637)

Vulnerability from cvelistv5 – Published: 2025-10-07 15:19 – Updated: 2025-10-07 15:19
VLAI?
Title
media: i2c: ov772x: Fix memleak in ov772x_probe()
Summary
In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov772x: Fix memleak in ov772x_probe() A memory leak was reported when testing ov772x with bpf mock device: AssertionError: unreferenced object 0xffff888109afa7a8 (size 8): comm "python3", pid 279, jiffies 4294805921 (age 20.681s) hex dump (first 8 bytes): 80 22 88 15 81 88 ff ff ."...... backtrace: [<000000009990b438>] __kmalloc_node+0x44/0x1b0 [<000000009e32f7d7>] kvmalloc_node+0x34/0x180 [<00000000faf48134>] v4l2_ctrl_handler_init_class+0x11d/0x180 [videodev] [<00000000da376937>] ov772x_probe+0x1c3/0x68c [ov772x] [<000000003f0d225e>] i2c_device_probe+0x28d/0x680 [<00000000e0b6db89>] really_probe+0x17c/0x3f0 [<000000001b19fcee>] __driver_probe_device+0xe3/0x170 [<0000000048370519>] driver_probe_device+0x49/0x120 [<000000005ead07a0>] __device_attach_driver+0xf7/0x150 [<0000000043f452b8>] bus_for_each_drv+0x114/0x180 [<00000000358e5596>] __device_attach+0x1e5/0x2d0 [<0000000043f83c5d>] bus_probe_device+0x126/0x140 [<00000000ee0f3046>] device_add+0x810/0x1130 [<00000000e0278184>] i2c_new_client_device+0x359/0x4f0 [<0000000070baf34f>] of_i2c_register_device+0xf1/0x110 [<00000000a9f2159d>] of_i2c_notify+0x100/0x160 unreferenced object 0xffff888119825c00 (size 256): comm "python3", pid 279, jiffies 4294805921 (age 20.681s) hex dump (first 32 bytes): 00 b4 a5 17 81 88 ff ff 00 5e 82 19 81 88 ff ff .........^...... 10 5c 82 19 81 88 ff ff 10 5c 82 19 81 88 ff ff .\.......\...... backtrace: [<000000009990b438>] __kmalloc_node+0x44/0x1b0 [<000000009e32f7d7>] kvmalloc_node+0x34/0x180 [<0000000073d88e0b>] v4l2_ctrl_new.cold+0x19b/0x86f [videodev] [<00000000b1f576fb>] v4l2_ctrl_new_std+0x16f/0x210 [videodev] [<00000000caf7ac99>] ov772x_probe+0x1fa/0x68c [ov772x] [<000000003f0d225e>] i2c_device_probe+0x28d/0x680 [<00000000e0b6db89>] really_probe+0x17c/0x3f0 [<000000001b19fcee>] __driver_probe_device+0xe3/0x170 [<0000000048370519>] driver_probe_device+0x49/0x120 [<000000005ead07a0>] __device_attach_driver+0xf7/0x150 [<0000000043f452b8>] bus_for_each_drv+0x114/0x180 [<00000000358e5596>] __device_attach+0x1e5/0x2d0 [<0000000043f83c5d>] bus_probe_device+0x126/0x140 [<00000000ee0f3046>] device_add+0x810/0x1130 [<00000000e0278184>] i2c_new_client_device+0x359/0x4f0 [<0000000070baf34f>] of_i2c_register_device+0xf1/0x110 The reason is that if priv->hdl.error is set, ov772x_probe() jumps to the error_mutex_destroy without doing v4l2_ctrl_handler_free(), and all resources allocated in v4l2_ctrl_handler_init() and v4l2_ctrl_new_std() are leaked.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 1112babde21483d86ed3fbad1320b0ddf9ab2ece , < cc3b6011d7a9f149489eb9420c6305a779162c57 (git)
Affected: 1112babde21483d86ed3fbad1320b0ddf9ab2ece , < 448ce1cd50387b1345ec14eb191ef05f7afc2a26 (git)
Affected: 1112babde21483d86ed3fbad1320b0ddf9ab2ece , < dfaafeb8e9537969e8dba75491f732478c7fa9d6 (git)
Affected: 1112babde21483d86ed3fbad1320b0ddf9ab2ece , < 1da495101ef7507eb4f4b1dbec2874d740eff251 (git)
Affected: 1112babde21483d86ed3fbad1320b0ddf9ab2ece , < ac93f8ac66e60227bed42d5a023f0e6c15b52c0a (git)
Affected: 1112babde21483d86ed3fbad1320b0ddf9ab2ece , < c86d760c1c6855a6131e78d0ddacc48c79324ac3 (git)
Affected: 1112babde21483d86ed3fbad1320b0ddf9ab2ece , < 7485edb2b6ca5960205c0a49bedfd09bba30e521 (git)
Create a notification for this product.
    Linux Linux Affected: 4.17
Unaffected: 0 , < 4.17 (semver)
Unaffected: 4.19.276 , ≤ 4.19.* (semver)
Unaffected: 5.4.235 , ≤ 5.4.* (semver)
Unaffected: 5.10.173 , ≤ 5.10.* (semver)
Unaffected: 5.15.99 , ≤ 5.15.* (semver)
Unaffected: 6.1.16 , ≤ 6.1.* (semver)
Unaffected: 6.2.3 , ≤ 6.2.* (semver)
Unaffected: 6.3 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/i2c/ov772x.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cc3b6011d7a9f149489eb9420c6305a779162c57",
              "status": "affected",
              "version": "1112babde21483d86ed3fbad1320b0ddf9ab2ece",
              "versionType": "git"
            },
            {
              "lessThan": "448ce1cd50387b1345ec14eb191ef05f7afc2a26",
              "status": "affected",
              "version": "1112babde21483d86ed3fbad1320b0ddf9ab2ece",
              "versionType": "git"
            },
            {
              "lessThan": "dfaafeb8e9537969e8dba75491f732478c7fa9d6",
              "status": "affected",
              "version": "1112babde21483d86ed3fbad1320b0ddf9ab2ece",
              "versionType": "git"
            },
            {
              "lessThan": "1da495101ef7507eb4f4b1dbec2874d740eff251",
              "status": "affected",
              "version": "1112babde21483d86ed3fbad1320b0ddf9ab2ece",
              "versionType": "git"
            },
            {
              "lessThan": "ac93f8ac66e60227bed42d5a023f0e6c15b52c0a",
              "status": "affected",
              "version": "1112babde21483d86ed3fbad1320b0ddf9ab2ece",
              "versionType": "git"
            },
            {
              "lessThan": "c86d760c1c6855a6131e78d0ddacc48c79324ac3",
              "status": "affected",
              "version": "1112babde21483d86ed3fbad1320b0ddf9ab2ece",
              "versionType": "git"
            },
            {
              "lessThan": "7485edb2b6ca5960205c0a49bedfd09bba30e521",
              "status": "affected",
              "version": "1112babde21483d86ed3fbad1320b0ddf9ab2ece",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/i2c/ov772x.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.17"
            },
            {
              "lessThan": "4.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.276",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.235",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.173",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.99",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.276",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.235",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.173",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.99",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.16",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.3",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: ov772x: Fix memleak in ov772x_probe()\n\nA memory leak was reported when testing ov772x with bpf mock device:\n\nAssertionError: unreferenced object 0xffff888109afa7a8 (size 8):\n  comm \"python3\", pid 279, jiffies 4294805921 (age 20.681s)\n  hex dump (first 8 bytes):\n    80 22 88 15 81 88 ff ff                          .\"......\n  backtrace:\n    [\u003c000000009990b438\u003e] __kmalloc_node+0x44/0x1b0\n    [\u003c000000009e32f7d7\u003e] kvmalloc_node+0x34/0x180\n    [\u003c00000000faf48134\u003e] v4l2_ctrl_handler_init_class+0x11d/0x180 [videodev]\n    [\u003c00000000da376937\u003e] ov772x_probe+0x1c3/0x68c [ov772x]\n    [\u003c000000003f0d225e\u003e] i2c_device_probe+0x28d/0x680\n    [\u003c00000000e0b6db89\u003e] really_probe+0x17c/0x3f0\n    [\u003c000000001b19fcee\u003e] __driver_probe_device+0xe3/0x170\n    [\u003c0000000048370519\u003e] driver_probe_device+0x49/0x120\n    [\u003c000000005ead07a0\u003e] __device_attach_driver+0xf7/0x150\n    [\u003c0000000043f452b8\u003e] bus_for_each_drv+0x114/0x180\n    [\u003c00000000358e5596\u003e] __device_attach+0x1e5/0x2d0\n    [\u003c0000000043f83c5d\u003e] bus_probe_device+0x126/0x140\n    [\u003c00000000ee0f3046\u003e] device_add+0x810/0x1130\n    [\u003c00000000e0278184\u003e] i2c_new_client_device+0x359/0x4f0\n    [\u003c0000000070baf34f\u003e] of_i2c_register_device+0xf1/0x110\n    [\u003c00000000a9f2159d\u003e] of_i2c_notify+0x100/0x160\nunreferenced object 0xffff888119825c00 (size 256):\n  comm \"python3\", pid 279, jiffies 4294805921 (age 20.681s)\n  hex dump (first 32 bytes):\n    00 b4 a5 17 81 88 ff ff 00 5e 82 19 81 88 ff ff  .........^......\n    10 5c 82 19 81 88 ff ff 10 5c 82 19 81 88 ff ff  .\\.......\\......\n  backtrace:\n    [\u003c000000009990b438\u003e] __kmalloc_node+0x44/0x1b0\n    [\u003c000000009e32f7d7\u003e] kvmalloc_node+0x34/0x180\n    [\u003c0000000073d88e0b\u003e] v4l2_ctrl_new.cold+0x19b/0x86f [videodev]\n    [\u003c00000000b1f576fb\u003e] v4l2_ctrl_new_std+0x16f/0x210 [videodev]\n    [\u003c00000000caf7ac99\u003e] ov772x_probe+0x1fa/0x68c [ov772x]\n    [\u003c000000003f0d225e\u003e] i2c_device_probe+0x28d/0x680\n    [\u003c00000000e0b6db89\u003e] really_probe+0x17c/0x3f0\n    [\u003c000000001b19fcee\u003e] __driver_probe_device+0xe3/0x170\n    [\u003c0000000048370519\u003e] driver_probe_device+0x49/0x120\n    [\u003c000000005ead07a0\u003e] __device_attach_driver+0xf7/0x150\n    [\u003c0000000043f452b8\u003e] bus_for_each_drv+0x114/0x180\n    [\u003c00000000358e5596\u003e] __device_attach+0x1e5/0x2d0\n    [\u003c0000000043f83c5d\u003e] bus_probe_device+0x126/0x140\n    [\u003c00000000ee0f3046\u003e] device_add+0x810/0x1130\n    [\u003c00000000e0278184\u003e] i2c_new_client_device+0x359/0x4f0\n    [\u003c0000000070baf34f\u003e] of_i2c_register_device+0xf1/0x110\n\nThe reason is that if priv-\u003ehdl.error is set, ov772x_probe() jumps to the\nerror_mutex_destroy without doing v4l2_ctrl_handler_free(), and all\nresources allocated in v4l2_ctrl_handler_init() and v4l2_ctrl_new_std()\nare leaked."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-07T15:19:38.317Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cc3b6011d7a9f149489eb9420c6305a779162c57"
        },
        {
          "url": "https://git.kernel.org/stable/c/448ce1cd50387b1345ec14eb191ef05f7afc2a26"
        },
        {
          "url": "https://git.kernel.org/stable/c/dfaafeb8e9537969e8dba75491f732478c7fa9d6"
        },
        {
          "url": "https://git.kernel.org/stable/c/1da495101ef7507eb4f4b1dbec2874d740eff251"
        },
        {
          "url": "https://git.kernel.org/stable/c/ac93f8ac66e60227bed42d5a023f0e6c15b52c0a"
        },
        {
          "url": "https://git.kernel.org/stable/c/c86d760c1c6855a6131e78d0ddacc48c79324ac3"
        },
        {
          "url": "https://git.kernel.org/stable/c/7485edb2b6ca5960205c0a49bedfd09bba30e521"
        }
      ],
      "title": "media: i2c: ov772x: Fix memleak in ov772x_probe()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53637",
    "datePublished": "2025-10-07T15:19:38.317Z",
    "dateReserved": "2025-10-07T15:16:59.658Z",
    "dateUpdated": "2025-10-07T15:19:38.317Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-53637\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-10-07T16:15:46.883\",\"lastModified\":\"2025-10-08T19:38:32.610\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmedia: i2c: ov772x: Fix memleak in ov772x_probe()\\n\\nA memory leak was reported when testing ov772x with bpf mock device:\\n\\nAssertionError: unreferenced object 0xffff888109afa7a8 (size 8):\\n  comm \\\"python3\\\", pid 279, jiffies 4294805921 (age 20.681s)\\n  hex dump (first 8 bytes):\\n    80 22 88 15 81 88 ff ff                          .\\\"......\\n  backtrace:\\n    [\u003c000000009990b438\u003e] __kmalloc_node+0x44/0x1b0\\n    [\u003c000000009e32f7d7\u003e] kvmalloc_node+0x34/0x180\\n    [\u003c00000000faf48134\u003e] v4l2_ctrl_handler_init_class+0x11d/0x180 [videodev]\\n    [\u003c00000000da376937\u003e] ov772x_probe+0x1c3/0x68c [ov772x]\\n    [\u003c000000003f0d225e\u003e] i2c_device_probe+0x28d/0x680\\n    [\u003c00000000e0b6db89\u003e] really_probe+0x17c/0x3f0\\n    [\u003c000000001b19fcee\u003e] __driver_probe_device+0xe3/0x170\\n    [\u003c0000000048370519\u003e] driver_probe_device+0x49/0x120\\n    [\u003c000000005ead07a0\u003e] __device_attach_driver+0xf7/0x150\\n    [\u003c0000000043f452b8\u003e] bus_for_each_drv+0x114/0x180\\n    [\u003c00000000358e5596\u003e] __device_attach+0x1e5/0x2d0\\n    [\u003c0000000043f83c5d\u003e] bus_probe_device+0x126/0x140\\n    [\u003c00000000ee0f3046\u003e] device_add+0x810/0x1130\\n    [\u003c00000000e0278184\u003e] i2c_new_client_device+0x359/0x4f0\\n    [\u003c0000000070baf34f\u003e] of_i2c_register_device+0xf1/0x110\\n    [\u003c00000000a9f2159d\u003e] of_i2c_notify+0x100/0x160\\nunreferenced object 0xffff888119825c00 (size 256):\\n  comm \\\"python3\\\", pid 279, jiffies 4294805921 (age 20.681s)\\n  hex dump (first 32 bytes):\\n    00 b4 a5 17 81 88 ff ff 00 5e 82 19 81 88 ff ff  .........^......\\n    10 5c 82 19 81 88 ff ff 10 5c 82 19 81 88 ff ff  .\\\\.......\\\\......\\n  backtrace:\\n    [\u003c000000009990b438\u003e] __kmalloc_node+0x44/0x1b0\\n    [\u003c000000009e32f7d7\u003e] kvmalloc_node+0x34/0x180\\n    [\u003c0000000073d88e0b\u003e] v4l2_ctrl_new.cold+0x19b/0x86f [videodev]\\n    [\u003c00000000b1f576fb\u003e] v4l2_ctrl_new_std+0x16f/0x210 [videodev]\\n    [\u003c00000000caf7ac99\u003e] ov772x_probe+0x1fa/0x68c [ov772x]\\n    [\u003c000000003f0d225e\u003e] i2c_device_probe+0x28d/0x680\\n    [\u003c00000000e0b6db89\u003e] really_probe+0x17c/0x3f0\\n    [\u003c000000001b19fcee\u003e] __driver_probe_device+0xe3/0x170\\n    [\u003c0000000048370519\u003e] driver_probe_device+0x49/0x120\\n    [\u003c000000005ead07a0\u003e] __device_attach_driver+0xf7/0x150\\n    [\u003c0000000043f452b8\u003e] bus_for_each_drv+0x114/0x180\\n    [\u003c00000000358e5596\u003e] __device_attach+0x1e5/0x2d0\\n    [\u003c0000000043f83c5d\u003e] bus_probe_device+0x126/0x140\\n    [\u003c00000000ee0f3046\u003e] device_add+0x810/0x1130\\n    [\u003c00000000e0278184\u003e] i2c_new_client_device+0x359/0x4f0\\n    [\u003c0000000070baf34f\u003e] of_i2c_register_device+0xf1/0x110\\n\\nThe reason is that if priv-\u003ehdl.error is set, ov772x_probe() jumps to the\\nerror_mutex_destroy without doing v4l2_ctrl_handler_free(), and all\\nresources allocated in v4l2_ctrl_handler_init() and v4l2_ctrl_new_std()\\nare leaked.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1da495101ef7507eb4f4b1dbec2874d740eff251\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/448ce1cd50387b1345ec14eb191ef05f7afc2a26\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7485edb2b6ca5960205c0a49bedfd09bba30e521\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ac93f8ac66e60227bed42d5a023f0e6c15b52c0a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c86d760c1c6855a6131e78d0ddacc48c79324ac3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/cc3b6011d7a9f149489eb9420c6305a779162c57\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/dfaafeb8e9537969e8dba75491f732478c7fa9d6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.