Linux Kernel Media: Mediatek Vcodec Resource Leak Vulnerability in Message Queue Initialization

A resource leak vulnerability has been addressed in the Linux kernel's MediaTek vcodec component. The issue arises in the 'vdec_msg_queue_init()' function, where error handling for memory allocation failures was inadequate. Specifically, if the allocation for the message queue's WDMA address fails, the corresponding size is not reset, leading to a resource leak. This vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability could lead to resource leaks, potentially causing memory to be improperly managed and not released, which could contribute to memory exhaustion over time.

Reproduction

The vulnerability can be reproduced by triggering a memory allocation failure in the 'vdec_msg_queue_init()' function within the MediaTek vcodec component. This can be done by simulating an error during the allocation process, which will cause the function to return without properly cleaning up, leaving allocated resources unfreed.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.