CVE-2023-53349
- Source
- https://cve.org/CVERecord?id=CVE-2023-53349
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53349.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-53349
- Downstream
- Related
- Published
- 2025-09-17T14:56:40.510Z
- Modified
- 2026-03-20T12:33:06.913630Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- media: ov2740: Fix memleak in ov2740_init_controls()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
media: ov2740: Fix memleak in ov2740initcontrols()
There is a kmemleak when testing the media/i2c/ov2740.c with bpf mock device:
unreferenced object 0xffff8881090e19e0 (size 16): comm "51-i2c-ov2740", pid 278, jiffies 4294781584 (age 23.613s) hex dump (first 16 bytes): 00 f3 7c 0b 81 88 ff ff 80 75 6a 09 81 88 ff ff ..|......uj..... backtrace: [<000000004e9fad8f>] __kmallocnode+0x44/0x1b0 [<0000000039c802f4>] kvmallocnode+0x34/0x180 [<000000009b8b5c63>] v4l2ctrlhandlerinitclass+0x11d/0x180 [videodev] [<0000000038644056>] ov2740probe+0x37d/0x84f [ov2740] [<0000000092489f59>] i2cdeviceprobe+0x28d/0x680 [<000000001038babe>] reallyprobe+0x17c/0x3f0 [<0000000098c7af1c>] __driverprobedevice+0xe3/0x170 [<00000000e1b3dc24>] devicedriverattach+0x34/0x80 [<000000005a04a34d>] bindstore+0x10b/0x1a0 [<00000000ce25d4f2>] drvattrstore+0x49/0x70 [<000000007d9f4e9a>] sysfskfwrite+0x8c/0xb0 [<00000000be6cff0f>] kernfsfopwriteiter+0x216/0x2e0 [<0000000031ddb40a>] vfswrite+0x658/0x810 [<0000000041beecdd>] ksyswrite+0xd6/0x1b0 [<0000000023755840>] dosyscall64+0x38/0x90 [<00000000b2cc2da2>] entrySYSCALL64afterhwframe+0x63/0xcd
ov2740initcontrols() won't clean all the allocated resources in fail path, which may causes the memleaks. Add v4l2ctrlhandler_free() to prevent memleak.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53349.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/2d899592ed7829d0d5140853bac4d58742a6b8af
- https://git.kernel.org/stable/c/3969b2ebc66039306f505c7c630c5530800f83c0
- https://git.kernel.org/stable/c/7c405ee63447f14eefcfe12a18aa749abbd596ea
- https://git.kernel.org/stable/c/a163ee11345d8322321c28bd61631de32455b987
- https://git.kernel.org/stable/c/fc33380ae06f438b652f66b9370b543976ac8a03
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53349.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-53349
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced866edc895171f1256aad3e81dce193447955c202Fixeda163ee11345d8322321c28bd61631de32455b987Fixed3969b2ebc66039306f505c7c630c5530800f83c0Fixedfc33380ae06f438b652f66b9370b543976ac8a03Fixed7c405ee63447f14eefcfe12a18aa749abbd596eaFixed2d899592ed7829d0d5140853bac4d58742a6b8af