{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-54208", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-30T12:06:44.500Z", "datePublished": "2025-12-30T12:11:07.336Z", "dateUpdated": "2026-05-11T19:57:33.588Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T19:57:33.588Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ov5675: Fix memleak in ov5675_init_controls()\n\nThere is a kmemleak when testing the media/i2c/ov5675.c with bpf mock\ndevice:\n\nAssertionError: unreferenced object 0xffff888107362160 (size 16):\n comm \"python3\", pid 277, jiffies 4294832798 (age 20.722s)\n hex dump (first 16 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<00000000abe7d67c>] __kmalloc_node+0x44/0x1b0\n [<000000008a725aac>] kvmalloc_node+0x34/0x180\n [<000000009a53cd11>] v4l2_ctrl_handler_init_class+0x11d/0x180\n[videodev]\n [<0000000055b46db0>] ov5675_probe+0x38b/0x897 [ov5675]\n [<00000000153d886c>] i2c_device_probe+0x28d/0x680\n [<000000004afb7e8f>] really_probe+0x17c/0x3f0\n [<00000000ff2f18e4>] __driver_probe_device+0xe3/0x170\n [<000000000a001029>] driver_probe_device+0x49/0x120\n [<00000000e39743c7>] __device_attach_driver+0xf7/0x150\n [<00000000d32fd070>] bus_for_each_drv+0x114/0x180\n [<000000009083ac41>] __device_attach+0x1e5/0x2d0\n [<0000000015b4a830>] bus_probe_device+0x126/0x140\n [<000000007813deaf>] device_add+0x810/0x1130\n [<000000007becb867>] i2c_new_client_device+0x386/0x540\n [<000000007f9cf4b4>] of_i2c_register_device+0xf1/0x110\n [<00000000ebfdd032>] of_i2c_notify+0xfc/0x1f0\n\nov5675_init_controls() won't clean all the allocated resources in fail\npath, which may causes the memleaks. Add v4l2_ctrl_handler_free() to\nprevent memleak."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/i2c/ov5675.c"], "versions": [{"version": "bf27502b1f3bf8095bf81736e506d354a2ce9ec4", "lessThan": "086a80b842bcb621d6c4eedad20683f1f674d0c2", "status": "affected", "versionType": "git"}, {"version": "bf27502b1f3bf8095bf81736e506d354a2ce9ec4", "lessThan": "bcae9115a163198dce9126aa8bedc1c007ec30ed", "status": "affected", "versionType": "git"}, {"version": "bf27502b1f3bf8095bf81736e506d354a2ce9ec4", "lessThan": "ba54908ae8225d58f1830edb394d4153bcb7d0aa", "status": "affected", "versionType": "git"}, {"version": "bf27502b1f3bf8095bf81736e506d354a2ce9ec4", "lessThan": "49b849824b9862f177fc77fc92ef95ec54566ecf", "status": "affected", "versionType": "git"}, {"version": "bf27502b1f3bf8095bf81736e506d354a2ce9ec4", "lessThan": "7a36a6be694df87d019663863b922913947b42af", "status": "affected", "versionType": "git"}, {"version": "bf27502b1f3bf8095bf81736e506d354a2ce9ec4", "lessThan": "dd74ed6c213003533e3abf4c204374ef01d86978", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/i2c/ov5675.c"], "versions": [{"version": "5.4", "status": "affected"}, {"version": "0", "lessThan": "5.4", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.235", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.173", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.99", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.16", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2.3", "lessThanOrEqual": "6.2.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "5.4.235"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "5.10.173"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "5.15.99"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "6.1.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "6.2.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "6.3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/086a80b842bcb621d6c4eedad20683f1f674d0c2"}, {"url": "https://git.kernel.org/stable/c/bcae9115a163198dce9126aa8bedc1c007ec30ed"}, {"url": "https://git.kernel.org/stable/c/ba54908ae8225d58f1830edb394d4153bcb7d0aa"}, {"url": "https://git.kernel.org/stable/c/49b849824b9862f177fc77fc92ef95ec54566ecf"}, {"url": "https://git.kernel.org/stable/c/7a36a6be694df87d019663863b922913947b42af"}, {"url": "https://git.kernel.org/stable/c/dd74ed6c213003533e3abf4c204374ef01d86978"}], "title": "media: ov5675: Fix memleak in ov5675_init_controls()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ov5675: Fix memleak in ov5675_init_controls()\n\nThere is a kmemleak when testing the media/i2c/ov5675.c with bpf mock\ndevice:\n\nAssertionError: unreferenced object 0xffff888107362160 (size 16):\n comm \"python3\", pid 277, jiffies 4294832798 (age 20.722s)\n hex dump (first 16 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<00000000abe7d67c>] __kmalloc_node+0x44/0x1b0\n [<000000008a725aac>] kvmalloc_node+0x34/0x180\n [<000000009a53cd11>] v4l2_ctrl_handler_init_class+0x11d/0x180\n[videodev]\n [<0000000055b46db0>] ov5675_probe+0x38b/0x897 [ov5675]\n [<00000000153d886c>] i2c_device_probe+0x28d/0x680\n [<000000004afb7e8f>] really_probe+0x17c/0x3f0\n [<00000000ff2f18e4>] __driver_probe_device+0xe3/0x170\n [<000000000a001029>] driver_probe_device+0x49/0x120\n [<00000000e39743c7>] __device_attach_driver+0xf7/0x150\n [<00000000d32fd070>] bus_for_each_drv+0x114/0x180\n [<000000009083ac41>] __device_attach+0x1e5/0x2d0\n [<0000000015b4a830>] bus_probe_device+0x126/0x140\n [<000000007813deaf>] device_add+0x810/0x1130\n [<000000007becb867>] i2c_new_client_device+0x386/0x540\n [<000000007f9cf4b4>] of_i2c_register_device+0xf1/0x110\n [<00000000ebfdd032>] of_i2c_notify+0xfc/0x1f0\n\nov5675_init_controls() won't clean all the allocated resources in fail\npath, which may causes the memleaks. Add v4l2_ctrl_handler_free() to\nprevent memleak."}], "id": "CVE-2023-54208", "lastModified": "2026-04-15T00:35:42.020", "metrics": {}, "published": "2025-12-30T13:16:08.977", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/086a80b842bcb621d6c4eedad20683f1f674d0c2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/49b849824b9862f177fc77fc92ef95ec54566ecf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7a36a6be694df87d019663863b922913947b42af"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ba54908ae8225d58f1830edb394d4153bcb7d0aa"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/bcae9115a163198dce9126aa8bedc1c007ec30ed"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/dd74ed6c213003533e3abf4c204374ef01d86978"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Deferred"}

{"bugzilla": {"description": "kernel: media: ov5675: Fix memleak in ov5675_init_controls()", "id": "2426048", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426048"}, "csaw": false, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmedia: ov5675: Fix memleak in ov5675_init_controls()\nThere is a kmemleak when testing the media/i2c/ov5675.c with bpf mock\ndevice:\nAssertionError: unreferenced object 0xffff888107362160 (size 16):\ncomm \"python3\", pid 277, jiffies 4294832798 (age 20.722s)\nhex dump (first 16 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\nbacktrace:\n[<00000000abe7d67c>] __kmalloc_node+0x44/0x1b0\n[<000000008a725aac>] kvmalloc_node+0x34/0x180\n[<000000009a53cd11>] v4l2_ctrl_handler_init_class+0x11d/0x180\n[videodev]\n[<0000000055b46db0>] ov5675_probe+0x38b/0x897 [ov5675]\n[<00000000153d886c>] i2c_device_probe+0x28d/0x680\n[<000000004afb7e8f>] really_probe+0x17c/0x3f0\n[<00000000ff2f18e4>] __driver_probe_device+0xe3/0x170\n[<000000000a001029>] driver_probe_device+0x49/0x120\n[<00000000e39743c7>] __device_attach_driver+0xf7/0x150\n[<00000000d32fd070>] bus_for_each_drv+0x114/0x180\n[<000000009083ac41>] __device_attach+0x1e5/0x2d0\n[<0000000015b4a830>] bus_probe_device+0x126/0x140\n[<000000007813deaf>] device_add+0x810/0x1130\n[<000000007becb867>] i2c_new_client_device+0x386/0x540\n[<000000007f9cf4b4>] of_i2c_register_device+0xf1/0x110\n[<00000000ebfdd032>] of_i2c_notify+0xfc/0x1f0\nov5675_init_controls() won't clean all the allocated resources in fail\npath, which may causes the memleaks. Add v4l2_ctrl_handler_free() to\nprevent memleak."], "name": "CVE-2023-54208", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-12-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-54208\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54208\nhttps://lore.kernel.org/linux-cve-announce/2025123023-CVE-2023-54208-e263@gregkh/T"], "threat_severity": "Moderate"}

{}