Linux Kernel UVC Video Memory Leak Vulnerability in GPIO Parsing

A memory leak vulnerability has been identified in the Linux kernel's UVC video driver. This issue arises in the GPIO parsing function, where a buffer is allocated before verifying the interrupt request (IRQ) for privacy GPIO. If an error occurs, the allocated buffer is not properly released, leading to a memory leak. The vulnerability affects the stable versions of the Linux kernel.

Impact

The vulnerability causes a resource leak, where allocated memory is not properly freed, potentially leading to increased memory usage and exhaustion over time.

Reproduction

The vulnerability can be reproduced by using a version of the Linux kernel that includes the UVC video driver. When the UVC GPIO parsing function is called, the unit buffer is allocated before the privacy GPIO IRQ is checked. If the IRQ check fails, the allocated buffer is leaked, creating a memory leak condition.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit that fixes this issue is available in the Linux kernel stable tree.