CVE-2020-22038: 
Ffmpeg vulnerability analysis and mitigation

A Denial of Service vulnerability (CVE-2020-22038) was discovered in FFmpeg version 4.2. The vulnerability stems from a memory leak in the ffv4l2m2mcreatecontext function located in v4l2_m2m.c. This vulnerability was initially reported in 2020 and has been assigned a CVSS v3.1 base score of 6.5 (Medium) (NVD).

The vulnerability is characterized by a memory leak in the ffv4l2m2mcreatecontext function, which fails to properly release allocated memory after its effective lifetime. The CVSS v3.1 vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, indicating that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges, but does require user interaction. The vulnerability affects the availability of the system while having no impact on confidentiality or integrity (Ubuntu).

The primary impact of this vulnerability is a Denial of Service condition through memory resource exhaustion. When exploited, the vulnerability can lead to system resource depletion due to the memory leak, potentially affecting the availability of the system (NVD).

The vulnerability has been fixed in FFmpeg through commit 7c32e9cf93b712f8463573a59ed4e98fd10fa013. Various Linux distributions have released patches to address this vulnerability. Ubuntu has provided fixes through Ubuntu Pro for affected versions, including Ubuntu 20.04 LTS (focal) and 18.04 LTS (bionic) (Ubuntu).