2425178 – (CVE-2022-50757) CVE-2022-50757 kernel: media: camss: Clean up received buffers on failed start of streaming

Bug 2425178 (CVE-2022-50757) - CVE-2022-50757 kernel: media: camss: Clean up received buffers on failed start of streaming

Summary: CVE-2022-50757 kernel: media: camss: Clean up received buffers on failed star...

Keywords:
Status:	NEW
Alias:	CVE-2022-50757
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-12-24 14:08 UTC by OSIDB Bzimport
Modified:	2025-12-24 20:52 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-12-24 14:08:53 UTC

In the Linux kernel, the following vulnerability has been resolved:

media: camss: Clean up received buffers on failed start of streaming

It is required to return the received buffers, if streaming can not be
started. For instance media_pipeline_start() may fail with EPIPE, if
a link validation between entities is not passed, and in such a case
a user gets a kernel warning:

  WARNING: CPU: 1 PID: 520 at drivers/media/common/videobuf2/videobuf2-core.c:1592 vb2_start_streaming+0xec/0x160
  <snip>
  Call trace:
   vb2_start_streaming+0xec/0x160
   vb2_core_streamon+0x9c/0x1a0
   vb2_ioctl_streamon+0x68/0xbc
   v4l_streamon+0x30/0x3c
   __video_do_ioctl+0x184/0x3e0
   video_usercopy+0x37c/0x7b0
   video_ioctl2+0x24/0x40
   v4l2_ioctl+0x4c/0x70

The fix is to correct the error path in video_start_streaming() of camss.

Comment 1 Alexander B 2025-12-24 20:48:39 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025122454-CVE-2022-50757-15f0@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.