Linux Kernel Tegra Video Memory Leak Vulnerability in Channel Format Handling

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's Tegra video driver. The issue arises in the '__tegra_channel_try_format()' function, where the state object allocated by '__v4l2_subdev_state_alloc()' is not properly freed before the function returns. This oversight creates a memory leak, as two error paths fail to release the allocated 'sd_state' object after a 'v4l2_subdev_call()' failure. The vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by invoking the '__tegra_channel_try_format()' function in the Tegra video driver. When the function calls 'v4l2_subdev_call()' and the call fails, the 'sd_state' object is not freed, creating a memory leak. This can be observed by monitoring memory usage before and after the function execution, where the leaked memory will not be released as expected.

Remediation

The vulnerability has been addressed by modifying the '__tegra_channel_try_format()' function to include a cleanup label. This change ensures that the '__v4l2_subdev_state_free()' function is called to free the 'sd_state' object before the function exits, effectively preventing the memory leak.
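
The cleanup-label pattern described above, shown as an added user-space C model; it is not the Tegra driver's code or the actual kernel patch. All names (state_alloc, state_free, subdev_call, try_format_leaky, try_format_fixed, leaked_after) and the four-slot pool are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
/* User-space model with hypothetical names; a fixed pool stands in for kernel memory. */
#define POOL_SIZE 4
struct state { int fmt; };
static struct state pool[POOL_SIZE];
static int held;                        /* states allocated and not yet freed */
static struct state *state_alloc(void) { return held < POOL_SIZE ? &pool[held++] : NULL; }
static void state_free(struct state *s) { (void)s; held--; }
/* Simulated sub-device call: fails when step == fail_at. */
static int subdev_call(int step, int fail_at) { return step == fail_at ? -EINVAL : 0; }

/* "Before" shape: both error paths return without freeing the state. */
static int try_format_leaky(int fail_at)
{
    struct state *s = state_alloc();
    int ret;
    if (!s) return -ENOMEM;
    if ((ret = subdev_call(1, fail_at))) return ret;    /* state leaked */
    if ((ret = subdev_call(2, fail_at))) return ret;    /* state leaked */
    state_free(s);
    return 0;
}

/* "After" shape: every exit past the allocation runs the cleanup label. */
static int try_format_fixed(int fail_at)
{
    struct state *s = state_alloc();
    int ret;
    if (!s) return -ENOMEM;
    if ((ret = subdev_call(1, fail_at))) goto out_free;
    ret = subdev_call(2, fail_at);
out_free:
    state_free(s);
    return ret;
}

/* Reset the pool, call fn `calls` times with alternating failing steps, count states held. */
static int leaked_after(int (*fn)(int), int calls)
{
    held = 0;
    for (int i = 0; i < calls; i++) fn(1 + i % 2);
    return held;
}

int main(void)
{
    printf("held: leaky=%d fixed=%d\n", leaked_after(try_format_leaky, 6), leaked_after(try_format_fixed, 6));
    return 0;
}
```

In this model the leaky variant exhausts the pool after four failed calls, so later calls fail with -ENOMEM even when the sub-device call would have succeeded.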

Added: May 6, 2026, 4:00 PM
Updated: May 6, 2026, 4:00 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 7.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.