Description
In the Linux kernel, the following vulnerability has been resolved: media: iris: Add buffer to list only after successful allocation Move `list_add_tail()` to after `dma_alloc_attrs()` succeeds when creating internal buffers. Previously, the buffer was enqueued in `buffers->list` before the DMA allocation. If the allocation failed, the function returned `-ENOMEM` while leaving a partially initialized buffer in the list, which could lead to inconsistent state and potential leaks. By adding the buffer to the list only after `dma_alloc_attrs()` succeeds, we ensure the list contains only valid, fully initialized buffers.
Product status
73702f45db81b74897b2808aaa13484826156006 (git) before 45b30f65feeb4d5570d5337793bb0f298be813d2
73702f45db81b74897b2808aaa13484826156006 (git) before 98b4c4c90f1e11caecbe2093dbe3a901d338bc81
73702f45db81b74897b2808aaa13484826156006 (git) before 2d0bbd982dfdd67da488a772f7a8a1bdca7642bf
6.15
Any version before 6.15
6.18.16 (semver)
6.19.6 (semver)
7.0 (original_commit_for_fix)
References
git.kernel.org/...c/45b30f65feeb4d5570d5337793bb0f298be813d2
git.kernel.org/...c/98b4c4c90f1e11caecbe2093dbe3a901d338bc81
git.kernel.org/...c/2d0bbd982dfdd67da488a772f7a8a1bdca7642bf