CVE-2023-53349

Unknown Unknown - Not Provided

BaseFortify

Publication date: 2025-09-17

Last updated on: 2025-12-11

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: media: ov2740: Fix memleak in ov2740_init_controls() There is a kmemleak when testing the media/i2c/ov2740.c with bpf mock device: unreferenced object 0xffff8881090e19e0 (size 16): comm "51-i2c-ov2740", pid 278, jiffies 4294781584 (age 23.613s) hex dump (first 16 bytes): 00 f3 7c 0b 81 88 ff ff 80 75 6a 09 81 88 ff ff ..|......uj..... backtrace: [<000000004e9fad8f>] __kmalloc_node+0x44/0x1b0 [<0000000039c802f4>] kvmalloc_node+0x34/0x180 [<000000009b8b5c63>] v4l2_ctrl_handler_init_class+0x11d/0x180 [videodev] [<0000000038644056>] ov2740_probe+0x37d/0x84f [ov2740] [<0000000092489f59>] i2c_device_probe+0x28d/0x680 [<000000001038babe>] really_probe+0x17c/0x3f0 [<0000000098c7af1c>] __driver_probe_device+0xe3/0x170 [<00000000e1b3dc24>] device_driver_attach+0x34/0x80 [<000000005a04a34d>] bind_store+0x10b/0x1a0 [<00000000ce25d4f2>] drv_attr_store+0x49/0x70 [<000000007d9f4e9a>] sysfs_kf_write+0x8c/0xb0 [<00000000be6cff0f>] kernfs_fop_write_iter+0x216/0x2e0 [<0000000031ddb40a>] vfs_write+0x658/0x810 [<0000000041beecdd>] ksys_write+0xd6/0x1b0 [<0000000023755840>] do_syscall_64+0x38/0x90 [<00000000b2cc2da2>] entry_SYSCALL_64_after_hwframe+0x63/0xcd ov2740_init_controls() won't clean all the allocated resources in fail path, which may causes the memleaks. Add v4l2_ctrl_handler_free() to prevent memleak.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2025-09-17

Last Modified

2025-12-11

Generated

2026-05-27

AI Q&A

2025-09-17

EPSS Evaluated

2026-05-25

NVD

CVE-2023-53349

Affected Vendors & Products

Vendor	Product	Version / Range
linux	linux_kernel	From 5.8 (inc) to 5.10.173 (exc)
linux	linux_kernel	From 5.11 (inc) to 5.15.99 (exc)
linux	linux_kernel	From 5.16 (inc) to 6.1.16 (exc)
linux	linux_kernel	From 6.2 (inc) to 6.2.3 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-401	The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Attack-Flow Graph

AI Powered Q&A

Can you explain this vulnerability to me?

This vulnerability is a memory leak in the Linux kernel's ov2740 camera driver. Specifically, the function ov2740_init_controls() does not properly free allocated memory when an error occurs during initialization, leading to unreferenced memory that is not released. This was fixed by adding a call to v4l2_ctrl_handler_free() to clean up resources and prevent the leak.

How can this vulnerability impact me? :

The memory leak can cause the system to consume more memory over time when the ov2740 driver is used, potentially leading to degraded performance or system instability if the leak is significant or occurs repeatedly.

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2023-53349

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Powered Q&A

Ask Our AI Assistant

EPSS Chart