Bug 1220605 (CVE-2020-36786)

Summary: VUL-0: CVE-2020-36786: kernel: media: [next] staging: media: atomisp: fix memory leak of object flash
Product: [Novell Products] SUSE Security Incidents
Reporter: SMASH SMASH <smash_bz>
Component: Incidents
Assignee: Kernel Bugs <kernel-bugs>
Status: RESOLVED INVALID
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: andrea.mattiazzo, mhocko
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/395423/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description SMASH SMASH 2024-02-29 08:23:03 UTC
In the Linux kernel, the following vulnerability has been resolved:

media: [next] staging: media: atomisp: fix memory leak of object flash

In the case where the call to lm3554_platform_data_func returns an
error there is a memory leak on the error return path of object
flash.  Fix this by adding an error return path that will free
flash and rename labels fail2 to fail3 and fail1 to fail2.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36786
https://www.cve.org/CVERecord?id=CVE-2020-36786
https://lore.kernel.org/linux-cve-announce/2024022821-CVE-2020-36786-fa2b@gregkh/T/#u

Patch:
https://git.kernel.org/stable/c/6045b01dd0e3cd3759eafe7f290ed04c957500b1
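
The error-path pattern the commit message describes, as an added C model that is not part of the bug report or the kernel patch: `probe_before` returns directly when the platform data lookup fails and leaks `flash`, while `probe_after` sends that failure to a new lowest label that frees it. Assumptions: `platform_data_func` stands in for `lm3554_platform_data_func`, and `init_controls`, the `registered` flag, the allocation counter and the single later cleanup stage (the description has two, hence its `fail3`) are constructed for illustration.

```c
#include <errno.h>
#include <stdlib.h>

/* Constructed model, not the atomisp driver source; helpers are hypothetical stand-ins. */
struct flash { int registered; };
static int live_allocs; /* objects currently allocated; growth across a failed probe is a leak */
static void *t_alloc(size_t n) { void *p = calloc(1, n); live_allocs += (p != NULL); return p; }
static void t_free(void *p) { live_allocs -= (p != NULL); free(p); }
static int platform_data_func(int fail) { return fail ? -ENODEV : 0; }
static int init_controls(int fail) { return fail ? -EIO : 0; }

/* Before: a platform-data error returns without reaching any cleanup label. */
static int probe_before(int pdata_fail, int ctrl_fail)
{
    struct flash *flash = t_alloc(sizeof(*flash));
    int err;
    if (!flash) return -ENOMEM;
    err = platform_data_func(pdata_fail);
    if (err) return err;            /* BUG: flash is never freed */
    flash->registered = 1;
    err = init_controls(ctrl_fail);
    if (err) goto fail1;
    return 0;                       /* success: the bound device keeps flash */
fail1:
    flash->registered = 0;          /* undo registration, then free */
    t_free(flash);
    return err;
}

/* After: a new lowest label frees flash; the old label moves up by one. */
static int probe_after(int pdata_fail, int ctrl_fail)
{
    struct flash *flash = t_alloc(sizeof(*flash));
    int err;
    if (!flash) return -ENOMEM;
    err = platform_data_func(pdata_fail);
    if (err) goto fail1;            /* nothing registered yet: only free flash */
    flash->registered = 1;
    err = init_controls(ctrl_fail);
    if (err) goto fail2;
    return 0;
fail2:
    flash->registered = 0;          /* old fail1, renamed */
fail1:
    t_free(flash);                  /* new error return path */
    return err;
}
```

Because the labels fall through in reverse order of setup, each failure point jumps to the label that undoes exactly what has been done so far.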

Comment 1 Andrea Mattiazzo 2024-02-29 08:31:26 UTC
Closing since all codestreams are already patched or not affected.

Comment 3 Michal Hocko 2024-04-26 17:02:58 UTC
Staging drivers are not supported so this should be really closed as invalid