In the Linux kernel, the following vulnerability has been resolved:
media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries
The allocation failure of mycs->yuv_scaler_binary in load_video_binaries() is followed with a dereference of mycs->yuv_scaler_binary after the following call chain:
sh_css_pipe_load_binaries()
  |-> load_video_binaries(mycs->yuv_scaler_binary == NULL)
  |
  |-> sh_css_pipe_unload_binaries()
        |-> unload_video_binaries()
In unload_video_binaries(), it calls to ia_css_binary_unload with argument &pipe->pipe_settings.video.yuv_scaler_binary[i], which refers to the same memory slot as mycs->yuv_scaler_binary. Thus, a null-pointer dereference is triggered.
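The pattern described above, as an added user-space model that is not the kernel's code or the upstream patch: a load step leaves an element count set after its array allocation fails, and the cleanup path iterates over that count. All type, field and function names below are assumptions made for illustration; the model shows two defensive options, resetting the count on failure and guarding the cleanup loop.

```c
#include <stdio.h>
#include <stdlib.h>

struct binary { int loaded; }; /* simplified stand-in (assumed name) */
struct video_settings {
    struct binary *scalers;   /* models yuv_scaler_binary */
    unsigned int num_scalers; /* count the unload loop iterates over */
};

/* Load step whose allocation can fail (fail_alloc simulates the failure).
 * With reset_on_fail == 0 the count outlives the failed allocation. */
static int load_binaries(struct video_settings *s, unsigned int n,
                         int fail_alloc, int reset_on_fail)
{
    s->num_scalers = n;
    s->scalers = fail_alloc ? NULL : calloc(n, sizeof(*s->scalers));
    if (!s->scalers) {
        if (reset_on_fail)
            s->num_scalers = 0; /* keep count and pointer consistent */
        return -1;
    }
    for (unsigned int i = 0; i < n; i++)
        s->scalers[i].loaded = 1;
    return 0;
}

/* 1 if an unguarded loop over num_scalers would not touch a NULL array. */
static int state_is_consistent(const struct video_settings *s)
{
    return s->scalers != NULL || s->num_scalers == 0;
}

/* Guarded cleanup that tolerates a partially initialised pipe. */
static unsigned int unload_binaries(struct video_settings *s)
{
    unsigned int done = 0;
    for (; s->scalers && done < s->num_scalers; done++)
        s->scalers[done].loaded = 0;
    free(s->scalers);
    s->scalers = NULL;
    s->num_scalers = 0;
    return done;
}

int main(void)
{
    struct video_settings s = {0};
    load_binaries(&s, 2, 1, 0); /* constructed case: allocation fails */
    printf("consistent=%d\n", state_is_consistent(&s));
    printf("unloaded=%u\n", unload_binaries(&s));
}
```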