Bug 916831 (CVE-2010-5321) - VUL-2: CVE-2010-5321: kernel: v4l: videobuf: hotfix a bug on multiple calls to mmap()
Status: RESOLVED UPSTREAM
Alias: CVE-2010-5321
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low; Severity: Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/113652/
Whiteboard: CVSSv2:RedHat:CVE-2010-5321:3.8:(AV:L...
Reported: 2015-02-09 09:31 UTC by Johannes Segitz
Modified: 2017-10-24 08:51 UTC
Found By: Security Response Team
Description Johannes Segitz 2015-02-09 09:31:12 UTC
Since videobuf allocates memory on mmap(), calling mmap enough times for the same buffer (offset) resulted in a new memory allocation by videobuf on each such call and losing the old allocation, resulting in a leak each time and the system running out of memory.

Was discussed here
http://linuxtv.org/irc/v4l/index.php?date=2010-07-29
and just received a CVE. Unfortunately there aren't many details in the report, so I couldn't identify if we're vulnerable or already have the fix.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=620629
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5321
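
The leak pattern from the description above, as an added userspace model (not part of the original report, and not kernel or videobuf code). All names are hypothetical, and the guarded handler is one possible mitigation assumed for illustration, not the upstream fix:

```c
/* Userspace model (constructed): hypothetical names, not kernel code. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define BUF_SIZE 4096

struct model_buf {
    void *mem;           /* backing memory for one buffer (one mmap offset) */
};

static long live_allocs; /* allocations made and not yet freed */

static void *model_alloc(void) { void *p = malloc(BUF_SIZE); if (p) live_allocs++; return p; }
static void model_free(void *p) { if (p) { free(p); live_allocs--; } }

/* Behaviour from the description: every mmap() call allocates again and
 * overwrites the only pointer to the previous allocation. */
static int mmap_leaky(struct model_buf *b)
{
    void *p = model_alloc();
    if (!p) return -ENOMEM;
    b->mem = p;          /* the old b->mem is lost here */
    return 0;
}

/* Assumed guard: refuse a second mapping of an already backed buffer. */
static int mmap_guarded(struct model_buf *b)
{
    if (b->mem) return -EBUSY;
    b->mem = model_alloc();
    return b->mem ? 0 : -ENOMEM;
}

/* Map the same buffer `calls` times, tear it down once, and return the
 * number of allocations that could no longer be freed. */
static long leaked_after(int (*handler)(struct model_buf *), int calls)
{
    struct model_buf b = { NULL };
    long before = live_allocs;
    for (int i = 0; i < calls; i++)
        handler(&b);
    model_free(b.mem);   /* teardown only sees the last pointer */
    return live_allocs - before;
}

int main(void)
{
    printf("leaky:   %ld lost\n", leaked_after(mmap_leaky, 5));
    printf("guarded: %ld lost\n", leaked_after(mmap_guarded, 5));
    return 0;
}
```
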
Comment 1 Swamp Workflow Management 2015-02-09 23:00:14 UTC
bugbot adjusting priority
Comment 2 Takashi Iwai 2015-02-13 14:39:19 UTC
This sounds very old (2010).  Do we still need to care?
Comment 3 Johannes Segitz 2015-02-13 14:55:50 UTC
This is very old. Red Hat did a spring cleaning of their bugtracker. Unfortunately there was not enough information so that I could check if we're affected. We will probably still have to wait until more information surfaces.
Comment 4 Marcus Meissner 2015-04-08 11:57:19 UTC
we should get it into the older kernels, sles10?
Comment 5 Takashi Iwai 2015-04-08 15:42:01 UTC
Well, the bug itself isn't clear, so it's a bit hard to judge...

I'll dig through the git commits whether I can find anything relevant.
Comment 6 Johannes Segitz 2015-04-10 08:16:06 UTC
(In reply to Takashi Iwai from comment #5)
could you find anything?
Comment 7 Takashi Iwai 2015-05-29 15:41:31 UTC
(In reply to Johannes Segitz from comment #6)
> (In reply to Takashi Iwai from comment #5)
> could you find anything?

Not really.  The whole infrastructure has been rewritten afterwards, so I guess the bug was just ripped off at some time in the upstream.

Meanwhile, I see no other information (the CVE page in the bug description shows empty).  If any test case or more information is provided regarding this CVE, please let me know.
Comment 8 Johannes Segitz 2015-06-08 12:12:20 UTC
Due to the low severity and no real patch being available we'll keep this as VUL-2 for now and will revisit it later on.
Comment 9 Marcus Meissner 2017-10-24 08:51:01 UTC
all current relevant kernels are fixed.