Bug 1220605 (CVE-2020-36786) - VUL-0: CVE-2020-36786: kernel: media: [next] staging: media: atomisp: fix memory leak of object flash
Status: RESOLVED INVALID
Alias: CVE-2020-36786
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Kernel Bugs
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/395423/
Reported: 2024-02-29 08:23 UTC by SMASH SMASH
Modified: 2024-04-29 07:12 UTC
Found By: Security Response Team


Description SMASH SMASH 2024-02-29 08:23:03 UTC
In the Linux kernel, the following vulnerability has been resolved:

media: [next] staging: media: atomisp: fix memory leak of object flash

In the case where the call to lm3554_platform_data_func returns an
error there is a memory leak on the error return path of object
flash.  Fix this by adding an error return path that will free
flash and rename labels fail2 to fail3 and fail1 to fail2.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36786
https://www.cve.org/CVERecord?id=CVE-2020-36786
https://lore.kernel.org/linux-cve-announce/2024022821-CVE-2020-36786-fa2b@gregkh/T/#u

Patch:
https://git.kernel.org/stable/c/6045b01dd0e3cd3759eafe7f290ed04c957500b1
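
The leak pattern the commit message describes, as an added userspace model in C (not the atomisp driver's code): an early failure returns without freeing the object, and the fix routes it to a new lowest unwind label. All names here (`flash_model`, `probe`, `step`, `fail_at`, `leaked_after_failure`) are hypothetical stand-ins.

```c
#include <errno.h>
#include <stdlib.h>

/* Userspace model of a probe routine; every name is a hypothetical stand-in. */
enum fail_at { FAIL_NONE, FAIL_PDATA, FAIL_CTRLS };
struct flash_model { int subdev_registered; };
static int live_allocs;                 /* allocations not yet freed */

static struct flash_model *flash_alloc(void)
{
	struct flash_model *f = calloc(1, sizeof(*f));
	live_allocs += (f != NULL);
	return f;
}
static void flash_free(struct flash_model *f) { live_allocs--; free(f); }
static int step(enum fail_at where, enum fail_at me) { return where == me ? -ENODEV : 0; }

/* fixed == 0 models the old error path, fixed != 0 the unwind with the extra label. */
static int probe(enum fail_at where, int fixed)
{
	struct flash_model *flash = flash_alloc();
	int err;
	if (!flash)
		return -ENOMEM;
	err = step(where, FAIL_PDATA);      /* models the platform-data lookup */
	if (err) {
		if (!fixed)
			return err;         /* old path: flash is leaked */
		goto fail1;
	}
	flash->subdev_registered = 1;       /* later setup that needs its own undo */
	err = step(where, FAIL_CTRLS);
	if (err)
		goto fail2;
	return 0;                           /* flash stays bound; remove is not modelled */
fail2:
	flash->subdev_registered = 0;
fail1:
	flash_free(flash);
	return err;
}

/* Allocations left behind by a failed probe: 0 is no leak, -1 means probe succeeded. */
static int leaked_after_failure(enum fail_at where, int fixed)
{
	live_allocs = 0;
	return probe(where, fixed) < 0 ? live_allocs : -1;
}

int main(void) { return leaked_after_failure(FAIL_PDATA, 1); } /* exits 0: no leak */
```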
Comment 1 Andrea Mattiazzo 2024-02-29 08:31:26 UTC
Closing since all codestreams are already patched or not affected.
Comment 3 Michal Hocko 2024-04-26 17:02:58 UTC
Staging drivers are not supported so this should be really closed as invalid