Executive Summary

This vulnerability exists in the Linux kernel's media component, specifically in the chips-media wave5 driver. When opening a video processing unit (VPU) encoder or decoder instance, memory is allocated for the instance. However, if a subsequent memory allocation for codec information fails, the previously allocated memory for the instance is not freed, causing a memory leak.

The issue occurs in the functions wave5_vpu_open_enc() and wave5_vpu_open_dec(), where kzalloc() is used to allocate memory for the VPU instance. If the allocation for inst->codec_info fails, the functions return an error (-ENOMEM) without freeing the initial allocation, leading to a leak.

The fix involves calling kfree() on the allocated instance in the error path to properly release the memory and prevent the leak.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to a memory leak in the Linux kernel when using the wave5 media driver. Over time, repeated failures in codec_info allocation could cause the system to consume more memory than necessary, potentially leading to degraded system performance or instability.

While it does not directly cause code execution or data corruption, the memory leak could affect system reliability, especially in environments where the affected driver is heavily used.

Useful 0 Not Useful 0

Mitigation Strategies

The vulnerability is a memory leak in the Linux kernel's chips-media wave5 codec driver caused by failure to free allocated memory on codec_info allocation failure.

To mitigate this vulnerability, update your Linux kernel to a version that includes the fix where kfree() is called on the instance in the error path to properly release memory.

Useful 0 Not Useful 0