CVE-2024-27077 – media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity
https://notcve.org/view.php?id=CVE-2024-27077
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity The entity->name (i.e. name) is allocated in v4l2_m2m_register_entity but isn't freed in its following error-handling paths. This patch adds such deallocation to prevent memleak of entity->name. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: medio: v4l2-mem2mem: corrige una fuga de mem en v4l2_m2m_register_entity La entidad->nombre (es decir, nombre) se asigna en v4l2_m2m_register_entity pero no se libera en las siguientes rutas de manejo de errores. Este parche agrega dicha desasignación para evitar la fuga de memoria de entidad->nombre. • https://git.kernel.org/stable/c/be2fff656322e82f215730839063c2c2ca73d14b https://git.kernel.org/stable/c/3dd8abb0ed0e0a7c66d6d677c86ccb188cc39333 https://git.kernel.org/stable/c/0175f2d34c85744f9ad6554f696cf0afb5bd04e4 https://git.kernel.org/stable/c/afd2a82fe300032f63f8be5d6cd6981e75f8bbf2 https://git.kernel.org/stable/c/dc866b69cc51af9b8509b4731b8ce2a4950cd0ef https://git.kernel.org/stable/c/0c9550b032de48d6a7fa6a4ddc09699d64d9300d https://git.kernel.org/stable/c/90029b9c979b60de5cb2b70ade4bbf61d561bc5d https://git.kernel.org/stable/c/5dc319cc3c4f7b74f7dfba349aa26f87e •
CVE-2024-27076 – media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak
https://notcve.org/view.php?id=CVE-2024-27076
In the Linux kernel, the following vulnerability has been resolved: media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak Free the memory allocated in v4l2_ctrl_handler_init on release. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: medios: imx: csc/scaler: corrige la pérdida de memoria v4l2_ctrl_handler Libere la memoria asignada en v4l2_ctrl_handler_init en el lanzamiento. • https://git.kernel.org/stable/c/a8ef0488cc592921a917362cca66af4a601987b9 https://git.kernel.org/stable/c/8c2e4efe1278cd2b230cdbf90a6cefbf00acc282 https://git.kernel.org/stable/c/5d9fe604bf9b5b09d2215225df55f22a4cbbc684 https://git.kernel.org/stable/c/b1d0eebaf87cc9ccd05f779ec4a0589f95d6c18b https://git.kernel.org/stable/c/8df9a3c7044b847e9c4dc7e683fd64c6b873f328 https://git.kernel.org/stable/c/d164ddc21e986dd9ad614b4b01746e5457aeb24f https://git.kernel.org/stable/c/42492b00156c03a79fd4851190aa63045d6a15ce https://git.kernel.org/stable/c/6c92224721a439d6350db5933a1060768 •
CVE-2024-27075 – media: dvb-frontends: avoid stack overflow warnings with clang
https://notcve.org/view.php?id=CVE-2024-27075
In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: avoid stack overflow warnings with clang A previous patch worked around a KASAN issue in stv0367, now a similar problem showed up with clang: drivers/media/dvb-frontends/stv0367.c:1222:12: error: stack frame size (3624) exceeds limit (2048) in 'stv0367ter_set_frontend' [-Werror,-Wframe-larger-than] 1214 | static int stv0367ter_set_frontend(struct dvb_frontend *fe) Rework the stv0367_writereg() function to be simpler and mark both register access functions as noinline_for_stack so the temporary i2c_msg structures do not get duplicated on the stack when KASAN_STACK is enabled. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: dvb-frontends: evita advertencias de desbordamiento de pila con clang. Un parche anterior solucionó un problema de KASAN en stv0367, ahora apareció un problema similar con clang: drivers/media/dvb- frontends/stv0367.c:1222:12: error: el tamaño del marco de pila (3624) excede el límite (2048) en 'stv0367ter_set_frontend' [-Werror,-Wframe-larger-than] 1214 | static int stv0367ter_set_frontend(struct dvb_frontend *fe) Vuelva a trabajar la función stv0367_writereg() para que sea más simple y marque ambas funciones de acceso a registros como noinline_for_stack para que las estructuras temporales i2c_msg no se dupliquen en la pila cuando KASAN_STACK esté habilitado. • https://git.kernel.org/stable/c/3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e https://git.kernel.org/stable/c/dc4bc70259daba144f799e40a99413a86c601006 https://git.kernel.org/stable/c/d1d85ae79d5e5592dccba6890658c0999b864ddc https://git.kernel.org/stable/c/ad91b2e392be4339e09eefd8479675b4232ddfa1 https://git.kernel.org/stable/c/ec1eeaf5b6c12b561d9a90588987e44a2e2f8b1a https://git.kernel.org/stable/c/c073c8cede5abd3836e83d70d72606d11d0759d4 https://git.kernel.org/stable/c/fa8b472952ef46eb632825051078c21ce0cafe55 https://git.kernel.org/stable/c/fb07104a02e87c06c39914d13ed67fd8f •
CVE-2024-27074 – media: go7007: fix a memleak in go7007_load_encoder
https://notcve.org/view.php?id=CVE-2024-27074
In the Linux kernel, the following vulnerability has been resolved: media: go7007: fix a memleak in go7007_load_encoder In go7007_load_encoder, bounce(i.e. go->boot_fw), is allocated without a deallocation thereafter. After the following call chain: saa7134_go7007_init |-> go7007_boot_encoder |-> go7007_load_encoder |-> kfree(go) go is freed and thus bounce is leaked. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: medios: go7007: corrige una fuga de memoria en go7007_load_encoder En go7007_load_encoder, el rebote (es decir, go->boot_fw) se asigna sin una desasignación posterior. Después de la siguiente cadena de llamadas: saa7134_go7007_init |-> go7007_boot_encoder |-> go7007_load_encoder |-> kfree(go) go se libera y, por lo tanto, se filtra el rebote. • https://git.kernel.org/stable/c/95ef39403f890360a3e48fe550d8e8e5d088ad74 https://git.kernel.org/stable/c/7f11dd3d165b178e738fe73dfeea513e383bedb5 https://git.kernel.org/stable/c/291cda0b805fc0d6e90d201710311630c8667159 https://git.kernel.org/stable/c/b49fe84c6cefcc1c2336d793b53442e716c95073 https://git.kernel.org/stable/c/790fa2c04dfb9f095ec372bf17909424d6e864b3 https://git.kernel.org/stable/c/e04d15c8bb3e111dd69f98894acd92d63e87aac3 https://git.kernel.org/stable/c/f31c1cc37411f5f7bcb266133f9a7e1b4bdf2975 https://git.kernel.org/stable/c/d43988a23c32588ccd0c74219637afb96 •
CVE-2024-27073 – media: ttpci: fix two memleaks in budget_av_attach
https://notcve.org/view.php?id=CVE-2024-27073
In the Linux kernel, the following vulnerability has been resolved: media: ttpci: fix two memleaks in budget_av_attach When saa7146_register_device and saa7146_vv_init fails, budget_av_attach should free the resources it allocates, like the error-handling of ttpci_budget_init does. Besides, there are two fixme comment refers to such deallocations. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medios: ttpci: corrige dos fugas de mem en Budget_av_attach Cuando fallan saa7146_register_device y saa7146_vv_init, Budget_av_attach debería liberar los recursos que asigna, como lo hace el manejo de errores de ttpci_budget_init. Además, hay dos comentarios fijos que se refieren a dichas desasignaciones. • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 https://git.kernel.org/stable/c/af37aed04997e644f7e1b52b696b62dcae3cc016 https://git.kernel.org/stable/c/910363473e4bf97da3c350e08d915546dd6cc30b https://git.kernel.org/stable/c/24e51d6eb578b82ff292927f14b9f5ec05a46beb https://git.kernel.org/stable/c/55ca0c7eae8499bb96f4e5d9b26af95e89c4e6a0 https://git.kernel.org/stable/c/7393c681f9aa05ffe2385e8716989565eed2fe06 https://git.kernel.org/stable/c/1597cd1a88cfcdc4bf8b1b44cd458fed9a5a5d63 https://git.kernel.org/stable/c/656b8cc123d7635dd399d9f02594f27aa •