CVE-2023-53637 (GCVE-0-2023-53637)
Vulnerability from cvelistv5
Published
2025-10-07 15:19
Modified
2025-10-07 15:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: i2c: ov772x: Fix memleak in ov772x_probe()
A memory leak was reported when testing ov772x with bpf mock device:
AssertionError: unreferenced object 0xffff888109afa7a8 (size 8):
comm "python3", pid 279, jiffies 4294805921 (age 20.681s)
hex dump (first 8 bytes):
80 22 88 15 81 88 ff ff ."......
backtrace:
[<000000009990b438>] __kmalloc_node+0x44/0x1b0
[<000000009e32f7d7>] kvmalloc_node+0x34/0x180
[<00000000faf48134>] v4l2_ctrl_handler_init_class+0x11d/0x180 [videodev]
[<00000000da376937>] ov772x_probe+0x1c3/0x68c [ov772x]
[<000000003f0d225e>] i2c_device_probe+0x28d/0x680
[<00000000e0b6db89>] really_probe+0x17c/0x3f0
[<000000001b19fcee>] __driver_probe_device+0xe3/0x170
[<0000000048370519>] driver_probe_device+0x49/0x120
[<000000005ead07a0>] __device_attach_driver+0xf7/0x150
[<0000000043f452b8>] bus_for_each_drv+0x114/0x180
[<00000000358e5596>] __device_attach+0x1e5/0x2d0
[<0000000043f83c5d>] bus_probe_device+0x126/0x140
[<00000000ee0f3046>] device_add+0x810/0x1130
[<00000000e0278184>] i2c_new_client_device+0x359/0x4f0
[<0000000070baf34f>] of_i2c_register_device+0xf1/0x110
[<00000000a9f2159d>] of_i2c_notify+0x100/0x160
unreferenced object 0xffff888119825c00 (size 256):
comm "python3", pid 279, jiffies 4294805921 (age 20.681s)
hex dump (first 32 bytes):
00 b4 a5 17 81 88 ff ff 00 5e 82 19 81 88 ff ff .........^......
10 5c 82 19 81 88 ff ff 10 5c 82 19 81 88 ff ff .\.......\......
backtrace:
[<000000009990b438>] __kmalloc_node+0x44/0x1b0
[<000000009e32f7d7>] kvmalloc_node+0x34/0x180
[<0000000073d88e0b>] v4l2_ctrl_new.cold+0x19b/0x86f [videodev]
[<00000000b1f576fb>] v4l2_ctrl_new_std+0x16f/0x210 [videodev]
[<00000000caf7ac99>] ov772x_probe+0x1fa/0x68c [ov772x]
[<000000003f0d225e>] i2c_device_probe+0x28d/0x680
[<00000000e0b6db89>] really_probe+0x17c/0x3f0
[<000000001b19fcee>] __driver_probe_device+0xe3/0x170
[<0000000048370519>] driver_probe_device+0x49/0x120
[<000000005ead07a0>] __device_attach_driver+0xf7/0x150
[<0000000043f452b8>] bus_for_each_drv+0x114/0x180
[<00000000358e5596>] __device_attach+0x1e5/0x2d0
[<0000000043f83c5d>] bus_probe_device+0x126/0x140
[<00000000ee0f3046>] device_add+0x810/0x1130
[<00000000e0278184>] i2c_new_client_device+0x359/0x4f0
[<0000000070baf34f>] of_i2c_register_device+0xf1/0x110
The reason is that if priv->hdl.error is set, ov772x_probe() jumps to the
error_mutex_destroy without doing v4l2_ctrl_handler_free(), and all
resources allocated in v4l2_ctrl_handler_init() and v4l2_ctrl_new_std()
are leaked.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 1112babde21483d86ed3fbad1320b0ddf9ab2ece Version: 1112babde21483d86ed3fbad1320b0ddf9ab2ece Version: 1112babde21483d86ed3fbad1320b0ddf9ab2ece Version: 1112babde21483d86ed3fbad1320b0ddf9ab2ece Version: 1112babde21483d86ed3fbad1320b0ddf9ab2ece Version: 1112babde21483d86ed3fbad1320b0ddf9ab2ece Version: 1112babde21483d86ed3fbad1320b0ddf9ab2ece |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/i2c/ov772x.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cc3b6011d7a9f149489eb9420c6305a779162c57",
"status": "affected",
"version": "1112babde21483d86ed3fbad1320b0ddf9ab2ece",
"versionType": "git"
},
{
"lessThan": "448ce1cd50387b1345ec14eb191ef05f7afc2a26",
"status": "affected",
"version": "1112babde21483d86ed3fbad1320b0ddf9ab2ece",
"versionType": "git"
},
{
"lessThan": "dfaafeb8e9537969e8dba75491f732478c7fa9d6",
"status": "affected",
"version": "1112babde21483d86ed3fbad1320b0ddf9ab2ece",
"versionType": "git"
},
{
"lessThan": "1da495101ef7507eb4f4b1dbec2874d740eff251",
"status": "affected",
"version": "1112babde21483d86ed3fbad1320b0ddf9ab2ece",
"versionType": "git"
},
{
"lessThan": "ac93f8ac66e60227bed42d5a023f0e6c15b52c0a",
"status": "affected",
"version": "1112babde21483d86ed3fbad1320b0ddf9ab2ece",
"versionType": "git"
},
{
"lessThan": "c86d760c1c6855a6131e78d0ddacc48c79324ac3",
"status": "affected",
"version": "1112babde21483d86ed3fbad1320b0ddf9ab2ece",
"versionType": "git"
},
{
"lessThan": "7485edb2b6ca5960205c0a49bedfd09bba30e521",
"status": "affected",
"version": "1112babde21483d86ed3fbad1320b0ddf9ab2ece",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/i2c/ov772x.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.173",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.99",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.*",
"status": "unaffected",
"version": "6.2.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.3",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.276",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.235",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.173",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.99",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.16",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.3",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3",
"versionStartIncluding": "4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: ov772x: Fix memleak in ov772x_probe()\n\nA memory leak was reported when testing ov772x with bpf mock device:\n\nAssertionError: unreferenced object 0xffff888109afa7a8 (size 8):\n comm \"python3\", pid 279, jiffies 4294805921 (age 20.681s)\n hex dump (first 8 bytes):\n 80 22 88 15 81 88 ff ff .\"......\n backtrace:\n [\u003c000000009990b438\u003e] __kmalloc_node+0x44/0x1b0\n [\u003c000000009e32f7d7\u003e] kvmalloc_node+0x34/0x180\n [\u003c00000000faf48134\u003e] v4l2_ctrl_handler_init_class+0x11d/0x180 [videodev]\n [\u003c00000000da376937\u003e] ov772x_probe+0x1c3/0x68c [ov772x]\n [\u003c000000003f0d225e\u003e] i2c_device_probe+0x28d/0x680\n [\u003c00000000e0b6db89\u003e] really_probe+0x17c/0x3f0\n [\u003c000000001b19fcee\u003e] __driver_probe_device+0xe3/0x170\n [\u003c0000000048370519\u003e] driver_probe_device+0x49/0x120\n [\u003c000000005ead07a0\u003e] __device_attach_driver+0xf7/0x150\n [\u003c0000000043f452b8\u003e] bus_for_each_drv+0x114/0x180\n [\u003c00000000358e5596\u003e] __device_attach+0x1e5/0x2d0\n [\u003c0000000043f83c5d\u003e] bus_probe_device+0x126/0x140\n [\u003c00000000ee0f3046\u003e] device_add+0x810/0x1130\n [\u003c00000000e0278184\u003e] i2c_new_client_device+0x359/0x4f0\n [\u003c0000000070baf34f\u003e] of_i2c_register_device+0xf1/0x110\n [\u003c00000000a9f2159d\u003e] of_i2c_notify+0x100/0x160\nunreferenced object 0xffff888119825c00 (size 256):\n comm \"python3\", pid 279, jiffies 4294805921 (age 20.681s)\n hex dump (first 32 bytes):\n 00 b4 a5 17 81 88 ff ff 00 5e 82 19 81 88 ff ff .........^......\n 10 5c 82 19 81 88 ff ff 10 5c 82 19 81 88 ff ff .\\.......\\......\n backtrace:\n [\u003c000000009990b438\u003e] __kmalloc_node+0x44/0x1b0\n [\u003c000000009e32f7d7\u003e] kvmalloc_node+0x34/0x180\n [\u003c0000000073d88e0b\u003e] v4l2_ctrl_new.cold+0x19b/0x86f [videodev]\n [\u003c00000000b1f576fb\u003e] v4l2_ctrl_new_std+0x16f/0x210 [videodev]\n [\u003c00000000caf7ac99\u003e] ov772x_probe+0x1fa/0x68c [ov772x]\n [\u003c000000003f0d225e\u003e] i2c_device_probe+0x28d/0x680\n [\u003c00000000e0b6db89\u003e] really_probe+0x17c/0x3f0\n [\u003c000000001b19fcee\u003e] __driver_probe_device+0xe3/0x170\n [\u003c0000000048370519\u003e] driver_probe_device+0x49/0x120\n [\u003c000000005ead07a0\u003e] __device_attach_driver+0xf7/0x150\n [\u003c0000000043f452b8\u003e] bus_for_each_drv+0x114/0x180\n [\u003c00000000358e5596\u003e] __device_attach+0x1e5/0x2d0\n [\u003c0000000043f83c5d\u003e] bus_probe_device+0x126/0x140\n [\u003c00000000ee0f3046\u003e] device_add+0x810/0x1130\n [\u003c00000000e0278184\u003e] i2c_new_client_device+0x359/0x4f0\n [\u003c0000000070baf34f\u003e] of_i2c_register_device+0xf1/0x110\n\nThe reason is that if priv-\u003ehdl.error is set, ov772x_probe() jumps to the\nerror_mutex_destroy without doing v4l2_ctrl_handler_free(), and all\nresources allocated in v4l2_ctrl_handler_init() and v4l2_ctrl_new_std()\nare leaked."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-07T15:19:38.317Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cc3b6011d7a9f149489eb9420c6305a779162c57"
},
{
"url": "https://git.kernel.org/stable/c/448ce1cd50387b1345ec14eb191ef05f7afc2a26"
},
{
"url": "https://git.kernel.org/stable/c/dfaafeb8e9537969e8dba75491f732478c7fa9d6"
},
{
"url": "https://git.kernel.org/stable/c/1da495101ef7507eb4f4b1dbec2874d740eff251"
},
{
"url": "https://git.kernel.org/stable/c/ac93f8ac66e60227bed42d5a023f0e6c15b52c0a"
},
{
"url": "https://git.kernel.org/stable/c/c86d760c1c6855a6131e78d0ddacc48c79324ac3"
},
{
"url": "https://git.kernel.org/stable/c/7485edb2b6ca5960205c0a49bedfd09bba30e521"
}
],
"title": "media: i2c: ov772x: Fix memleak in ov772x_probe()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-53637",
"datePublished": "2025-10-07T15:19:38.317Z",
"dateReserved": "2025-10-07T15:16:59.658Z",
"dateUpdated": "2025-10-07T15:19:38.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-53637\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-10-07T16:15:46.883\",\"lastModified\":\"2025-10-08T19:38:32.610\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmedia: i2c: ov772x: Fix memleak in ov772x_probe()\\n\\nA memory leak was reported when testing ov772x with bpf mock device:\\n\\nAssertionError: unreferenced object 0xffff888109afa7a8 (size 8):\\n comm \\\"python3\\\", pid 279, jiffies 4294805921 (age 20.681s)\\n hex dump (first 8 bytes):\\n 80 22 88 15 81 88 ff ff .\\\"......\\n backtrace:\\n [\u003c000000009990b438\u003e] __kmalloc_node+0x44/0x1b0\\n [\u003c000000009e32f7d7\u003e] kvmalloc_node+0x34/0x180\\n [\u003c00000000faf48134\u003e] v4l2_ctrl_handler_init_class+0x11d/0x180 [videodev]\\n [\u003c00000000da376937\u003e] ov772x_probe+0x1c3/0x68c [ov772x]\\n [\u003c000000003f0d225e\u003e] i2c_device_probe+0x28d/0x680\\n [\u003c00000000e0b6db89\u003e] really_probe+0x17c/0x3f0\\n [\u003c000000001b19fcee\u003e] __driver_probe_device+0xe3/0x170\\n [\u003c0000000048370519\u003e] driver_probe_device+0x49/0x120\\n [\u003c000000005ead07a0\u003e] __device_attach_driver+0xf7/0x150\\n [\u003c0000000043f452b8\u003e] bus_for_each_drv+0x114/0x180\\n [\u003c00000000358e5596\u003e] __device_attach+0x1e5/0x2d0\\n [\u003c0000000043f83c5d\u003e] bus_probe_device+0x126/0x140\\n [\u003c00000000ee0f3046\u003e] device_add+0x810/0x1130\\n [\u003c00000000e0278184\u003e] i2c_new_client_device+0x359/0x4f0\\n [\u003c0000000070baf34f\u003e] of_i2c_register_device+0xf1/0x110\\n [\u003c00000000a9f2159d\u003e] of_i2c_notify+0x100/0x160\\nunreferenced object 0xffff888119825c00 (size 256):\\n comm \\\"python3\\\", pid 279, jiffies 4294805921 (age 20.681s)\\n hex dump (first 32 bytes):\\n 00 b4 a5 17 81 88 ff ff 00 5e 82 19 81 88 ff ff .........^......\\n 10 5c 82 19 81 88 ff ff 10 5c 82 19 81 88 ff ff .\\\\.......\\\\......\\n backtrace:\\n [\u003c000000009990b438\u003e] __kmalloc_node+0x44/0x1b0\\n [\u003c000000009e32f7d7\u003e] kvmalloc_node+0x34/0x180\\n [\u003c0000000073d88e0b\u003e] v4l2_ctrl_new.cold+0x19b/0x86f [videodev]\\n [\u003c00000000b1f576fb\u003e] v4l2_ctrl_new_std+0x16f/0x210 [videodev]\\n [\u003c00000000caf7ac99\u003e] ov772x_probe+0x1fa/0x68c [ov772x]\\n [\u003c000000003f0d225e\u003e] i2c_device_probe+0x28d/0x680\\n [\u003c00000000e0b6db89\u003e] really_probe+0x17c/0x3f0\\n [\u003c000000001b19fcee\u003e] __driver_probe_device+0xe3/0x170\\n [\u003c0000000048370519\u003e] driver_probe_device+0x49/0x120\\n [\u003c000000005ead07a0\u003e] __device_attach_driver+0xf7/0x150\\n [\u003c0000000043f452b8\u003e] bus_for_each_drv+0x114/0x180\\n [\u003c00000000358e5596\u003e] __device_attach+0x1e5/0x2d0\\n [\u003c0000000043f83c5d\u003e] bus_probe_device+0x126/0x140\\n [\u003c00000000ee0f3046\u003e] device_add+0x810/0x1130\\n [\u003c00000000e0278184\u003e] i2c_new_client_device+0x359/0x4f0\\n [\u003c0000000070baf34f\u003e] of_i2c_register_device+0xf1/0x110\\n\\nThe reason is that if priv-\u003ehdl.error is set, ov772x_probe() jumps to the\\nerror_mutex_destroy without doing v4l2_ctrl_handler_free(), and all\\nresources allocated in v4l2_ctrl_handler_init() and v4l2_ctrl_new_std()\\nare leaked.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1da495101ef7507eb4f4b1dbec2874d740eff251\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/448ce1cd50387b1345ec14eb191ef05f7afc2a26\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7485edb2b6ca5960205c0a49bedfd09bba30e521\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ac93f8ac66e60227bed42d5a023f0e6c15b52c0a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c86d760c1c6855a6131e78d0ddacc48c79324ac3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/cc3b6011d7a9f149489eb9420c6305a779162c57\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/dfaafeb8e9537969e8dba75491f732478c7fa9d6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…