CVE-2022-50317

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/bridge: megachips: Fix a null pointer dereference bug

When removing the module we will get the following warning:

[ 31.911505] i2c-core: driver [stdp2690-ge-b850v3-fw] unregistered [ 31.912484] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI [ 31.913338] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 31.915280] RIP: 0010:drm_bridge_remove+0x97/0x130 [ 31.921825] Call Trace: [ 31.922533] stdp4028_ge_b850v3_fw_remove+0x34/0x60 [megachips_stdpxxxx_ge_b850v3_fw] [ 31.923139] i2c_device_remove+0x181/0x1f0

The two bridges (stdp2690, stdp4028) do not probe at the same time, so the driver does not call ge_b850v3_resgiter() when probing, causing the driver to try to remove the object that has not been initialized.

Fix this by checking whether both the bridges are probed.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7649972d97fb98578fbc4a351416cf72895e7c4d < aaa512ad1e59f2edf8a9e4f2b167a44b24670679affected
LinuxLinux16e3827904932eccfba0915f0c93b519de3536ac < 5bc20bafcd87ba0858ab772cefc7047cb51bc249affected
LinuxLinux50ad94f8654a53ec9ca3604a7a23cbaf166e0119 < 1daf69228e310938177119c4eadcd30fc75c81e0affected
LinuxLinuxb8d10f601f226f055df8b5368d7ea7f369136cd5 < 877e92e9b1bdeb580b31a46061005936be902cd4affected
LinuxLinux405856460d3e7aefb7c1aef047ec88fc4ef2e2a5 < 4610e7a4111fa3f3ce27c09d6d94008c55f1cd31affected
LinuxLinux11632d4aa2b3f126790e81a4415d6c23103cf8bb < 21764467ab396d9f08921e0a5ffa1214244e1ad9affected
LinuxLinux11632d4aa2b3f126790e81a4415d6c23103cf8bb < 7371fad5cfe6eada6bb5523c895fd6074b15c2b9affected
LinuxLinux11632d4aa2b3f126790e81a4415d6c23103cf8bb < 1ff673333d46d2c1b053ebd0c1c7c7c79e36943eaffected
LinuxLinuxe449461989f0674f188d30494ffd3f5ba74c1a05affected
LinuxLinux4.14.263 < 4.14.296affected
LinuxLinux4.19.226 < 4.19.262affected
LinuxLinux5.4.174 < 5.4.220affected
LinuxLinux5.10.94 < 5.10.150affected
LinuxLinux5.15.17 < 5.15.75affected
LinuxLinux5.16.3 < 5.17affected
LinuxLinux5.17affected
LinuxLinux0 < 5.17unaffected
LinuxLinux4.14.296 <= 4.14.*unaffected
LinuxLinux4.19.262 <= 4.19.*unaffected
LinuxLinux5.4.220 <= 5.4.*unaffected
LinuxLinux5.10.150 <= 5.10.*unaffected
LinuxLinux5.15.75 <= 5.15.*unaffected
LinuxLinux5.19.17 <= 5.19.*unaffected
LinuxLinux6.0.3 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

References