Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability exists in the Linux kernel's handling of video streaming for NXP i.MX8 Image Signal Interface (ISI) capture devices. The issue arises because the current implementation automatically cleans up streaming sessions when a release call is made, such as through 'v4l2-ctl -l'. This behavior can unintentionally disrupt active video streams. The vulnerability has been observed on i.MX8MP boards while using GStreamer to stream from an ISI capture device. During this streaming, querying the device's capabilities with 'v4l2-ctl -l -d /dev/videoX' triggers an error state, indicating that the streaming has been improperly terminated.
The vulnerability can cause a denial of service by interrupting active video streams, leading to potential application errors or crashes.
To reproduce this vulnerability, stream from an ISI capture device on an i.MX8MP board using GStreamer. While the stream is active, run 'v4l2-ctl -l -d /dev/videoX' against the same video device, which results in a release call on it. The release causes the currently streaming queue to be released, disrupting the video stream and generating an error state.
The vulnerability has been addressed by modifying the driver to manage streaming preparation and cleanup through the videobuf2 (vb2) operations, specifically by using the 'vb2_ioctl_streamon()' and 'vb2_ioctl_streamoff()' helpers. This change eliminates the need for manual cleanup in the video release function.
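The difference between the two release behaviours can be seen in a small userland model. This is an added example, not the driver's code: the struct, the function names and the rule that the handle starting the stream becomes the queue owner are simplifying assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of a capture queue shared by several open file handles. */
struct model_queue { const void *owner; bool streaming; };

/* Assumption: the handle that starts streaming is recorded as the owner. */
static int model_streamon(struct model_queue *q, const void *fh) {
    if (q->owner && q->owner != fh)
        return -1;                       /* queue is busy with another handle */
    q->owner = fh;
    q->streaming = true;
    return 0;
}

/* "Before" behaviour described above: every release tears the stream down. */
static void release_unconditional(struct model_queue *q, const void *fh) {
    (void)fh;
    q->streaming = false;
    q->owner = NULL;
}

/* Owner-aware release: only the handle that owns the queue stops it. */
static void release_owner_checked(struct model_queue *q, const void *fh) {
    if (q->owner == fh) {
        q->streaming = false;
        q->owner = NULL;
    }
}

typedef void (*release_fn)(struct model_queue *, const void *);

/* Handle A streams; `closer_is_owner` selects whether A or a second handle B closes. */
static bool streaming_after_close(release_fn release, bool closer_is_owner) {
    struct model_queue q = { NULL, false };
    int a = 0, b = 0;                    /* addresses stand in for file handles */
    model_streamon(&q, &a);
    release(&q, closer_is_owner ? (const void *)&a : (const void *)&b);
    return q.streaming;
}

int main(void) {
    printf("unconditional, second handle closes: streaming=%d\n",
           streaming_after_close(release_unconditional, false));
    printf("owner-checked, second handle closes: streaming=%d\n",
           streaming_after_close(release_owner_checked, false));
    return 0;
}
```

In the model, the second handle plays the role of the 'v4l2-ctl' invocation and the first handle plays the role of the GStreamer pipeline.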