Linux Kernel UVC Video Buffer Handling Stream Failure Vulnerability

A vulnerability in the Linux kernel's UVC video driver has been addressed, which involves improper handling of video buffers when streaming fails to start. This issue can occur if the 'uvc_pm_get()' function encounters an error, leading to a warning that may indicate a problem with the USB controller under certain workloads. The vulnerability could potentially disrupt normal video streaming operations by not properly returning queued buffers when an error occurs.

Impact

The vulnerability could lead to warnings about USB controller failures, indicating that the host controller has stopped functioning properly, which can disrupt USB device connectivity and potentially cause data loss or corruption for devices that were connected.

Reproduction

The vulnerability can be reproduced by using the 'yavta' tool to send video capture requests to a UVC video device, such as '/dev/video0'. This can be done by running a loop that continuously sends capture requests. If the USB controller fails under this workload, a warning will be generated, indicating that the host controller has stopped working and has disconnected the USB device.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched kernel can be found on the official Linux kernel website.