Linux Kernel Media Subsystem IRIS Sanity Check Reversion Vulnerability

A vulnerability exists in the Linux kernel's media subsystem, specifically within the IRIS driver. This issue arises from the reversion of a sanity check intended to manage the stop streaming process. The vulnerability is present in the stable version of the Linux kernel. The removed check allowed the streaming process to be halted even when the instance was in an error state, leading to several regressions. Notably, buffers were not returned to the vb2 queue when the instance was already in an error state, causing warnings in the vb2 core due to skipped buffer completions. Additionally, if a session failed early, the instance would enter an error state. When userspace tried to stop streaming for cleanup, the process was skipped, preventing proper teardown and leaving the firmware in an inconsistent state.

Impact

The removal of the sanity check can cause improper handling of streaming sessions, particularly those that encounter errors. This can lead to firmware inconsistencies and unresolved buffer management issues.

Reproduction

The vulnerability can be reproduced by initiating a streaming session that encounters an error, causing the instance to transition to the IRIS_INST_ERROR state. When userspace attempts to stop streaming for cleanup, the process will be skipped due to the absence of the necessary sanity check, leaving the firmware in an inconsistent state.

Remediation

Users can apply the latest patch available in the Linux kernel stable tree to address this vulnerability.