Description
In the Linux kernel, the following vulnerability has been resolved: media: iris: Add sanity check for stop streaming Add sanity check in iris_vb2_stop_streaming. If inst->state is already IRIS_INST_ERROR, we should skip the stream_off operation because it would still send packets to the firmware. In iris_kill_session, inst->state is set to IRIS_INST_ERROR and session_close is executed, which will kfree(inst_hfi_gen2->packet). If stop_streaming is called afterward, it will cause a crash. [bod: remove qcom from patch title]
Product status
11712ce70f8e52fc94365b48ee15aec806b02422 (git) before f8b136296722e258ec43237a35f72c92a6d4501a
11712ce70f8e52fc94365b48ee15aec806b02422 (git) before ad699fa78b59241c9d71a8cafb51525f3dab04d4
6.15
Any version before 6.15
6.18.3 (semver)
6.19 (original_commit_for_fix)
References
git.kernel.org/...c/f8b136296722e258ec43237a35f72c92a6d4501a
git.kernel.org/...c/ad699fa78b59241c9d71a8cafb51525f3dab04d4