Description
In the Linux kernel, the following vulnerability has been resolved: media: tegra-video: Fix memory leak in __tegra_channel_try_format() The state object allocated by __v4l2_subdev_state_alloc() must be freed with __v4l2_subdev_state_free() when it is no longer needed. In __tegra_channel_try_format(), two error paths return directly after v4l2_subdev_call() fails, without freeing the allocated 'sd_state' object. This violates the requirement and causes a memory leak. Fix this by introducing a cleanup label and using goto statements in the error paths to ensure that __v4l2_subdev_state_free() is always called before the function returns.
Product status
1ebaeb09830f36c1111b72a95420814225bd761c (git) before 6c6f419fa9c44a4b7149b0292e01bff47308ba14
1ebaeb09830f36c1111b72a95420814225bd761c (git) before ca921be7a1174d5d58b28f84b683c2c0079f18c5
1ebaeb09830f36c1111b72a95420814225bd761c (git) before 3ca2f09061736e72ef25eec2597d00f7f44094d3
1ebaeb09830f36c1111b72a95420814225bd761c (git) before 2dff8966a3a889dd9d248a7e15d963b4097efcc5
1ebaeb09830f36c1111b72a95420814225bd761c (git) before d92e9a18f97a1d19d4c2ff81dcfbe43591f75b5a
1ebaeb09830f36c1111b72a95420814225bd761c (git) before 43e5302d22334f1183dec3e0d5d8007eefe2817c
5.10
Any version before 5.10
6.1.167 (semver)
6.6.130 (semver)
6.12.77 (semver)
6.18.17 (semver)
6.19.6 (semver)
7.0 (original_commit_for_fix)
References
git.kernel.org/...c/6c6f419fa9c44a4b7149b0292e01bff47308ba14
git.kernel.org/...c/ca921be7a1174d5d58b28f84b683c2c0079f18c5
git.kernel.org/...c/3ca2f09061736e72ef25eec2597d00f7f44094d3
git.kernel.org/...c/2dff8966a3a889dd9d248a7e15d963b4097efcc5
git.kernel.org/...c/d92e9a18f97a1d19d4c2ff81dcfbe43591f75b5a
git.kernel.org/...c/43e5302d22334f1183dec3e0d5d8007eefe2817c