| The vulnerability resides in the `ipu3-v4l2.c` file within the Linux kernel's staging/intel-ipu3 driver. Specifically, it affects the handling of errors during the `set_fmt` operation. When an error occurs during this process, the previous sizes are overwritten with invalid configuration data. This can lead to severe consequences, including the allocation of 4GiB of RAM and subsequent kernel oops (OOPs) errors. |
| |
| The vulnerability was introduced in kernel version 5.2 with commit `6d5f26f2e045` and has been fixed in various subsequent versions, including 5.4.118, 5.10.36, 5.11.20, 5.12.3, and 5.13. |
| |
| The fix involves ensuring that the previous sizes are not overwritten with invalid configuration data when an error occurs during `set_fmt`. This prevents the allocation of excessive amounts of RAM and the subsequent OOPs errors. |
| |
| To mitigate this vulnerability, it is recommended to update to the latest stable kernel version. If updating is impossible, individual changes can be cherry-picked from the commits listed in the advisory. However, the Linux kernel community does not support or recommend cherry-picking individual commits, as they are never tested alone but rather as part of a larger kernel release. |
| |
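The error-handling pattern behind the fix described above, as an added example (not the driver's code and not taken from the advisory): a rejected format must never replace the sizes that later allocations are computed from. All names, the size limits and the 4-bytes-per-pixel figure are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified model; these are not the ipu3 driver's types. */
struct fmt { uint32_t width, height; };
struct pipe_state { struct fmt active; };

#define MAX_W 4096u  /* assumed limits */
#define MAX_H 4096u

/* Stand-in for the configuration step that can reject a request. */
static int validate_fmt(const struct fmt *f)
{
    if (!f->width || !f->height || f->width > MAX_W || f->height > MAX_H)
        return -1;
    return 0;
}

/* Bytes a later buffer allocation would request (4 bytes/pixel assumed). */
static uint64_t buffer_bytes(const struct pipe_state *s)
{
    return (uint64_t)s->active.width * s->active.height * 4u;
}

/* Buggy pattern: state is overwritten first, so an error leaves the
 * rejected sizes in place for every later user of the state. */
static int set_fmt_buggy(struct pipe_state *s, const struct fmt *req)
{
    s->active = *req;
    return validate_fmt(&s->active);
}

/* Fixed pattern: validate a local copy and commit only on success. */
static int set_fmt_fixed(struct pipe_state *s, const struct fmt *req)
{
    struct fmt tmp = *req;
    int ret = validate_fmt(&tmp);

    if (ret)
        return ret;          /* previous sizes stay untouched */
    s->active = tmp;
    return 0;
}

int main(void)
{
    struct pipe_state a = { { 1920, 1080 } }, b = a;
    struct fmt bad = { 32768, 32768 };   /* constructed invalid request */

    set_fmt_buggy(&a, &bad);
    set_fmt_fixed(&b, &bad);
    printf("buggy: %llu bytes, fixed: %llu bytes\n",
           (unsigned long long)buffer_bytes(&a),
           (unsigned long long)buffer_bytes(&b));
    return 0;
}
```

With the constructed request, the buggy path leaves a state whose buffer size works out to exactly 4 GiB, while the fixed path still reports the previous 1920x1080 size.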