CVE-2022-50317
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/bridge: megachips: Fix a null pointer dereference bug
When removing the module we will get the following warning:
[ 31.911505] i2c-core: driver [stdp2690-ge-b850v3-fw] unregistered [ 31.912484] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI [ 31.913338] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 31.915280] RIP: 0010:drm_bridge_remove+0x97/0x130 [ 31.921825] Call Trace: [ 31.922533] stdp4028_ge_b850v3_fw_remove+0x34/0x60 [megachips_stdpxxxx_ge_b850v3_fw] [ 31.923139] i2c_device_remove+0x181/0x1f0
The two bridges (stdp2690, stdp4028) do not probe at the same time, so the driver does not call ge_b850v3_resgiter() when probing, causing the driver to try to remove the object that has not been initialized.
Fix this by checking whether both the bridges are probed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 7649972d97fb98578fbc4a351416cf72895e7c4d < aaa512ad1e59f2edf8a9e4f2b167a44b24670679 | affected |
| Linux | Linux | 16e3827904932eccfba0915f0c93b519de3536ac < 5bc20bafcd87ba0858ab772cefc7047cb51bc249 | affected |
| Linux | Linux | 50ad94f8654a53ec9ca3604a7a23cbaf166e0119 < 1daf69228e310938177119c4eadcd30fc75c81e0 | affected |
| Linux | Linux | b8d10f601f226f055df8b5368d7ea7f369136cd5 < 877e92e9b1bdeb580b31a46061005936be902cd4 | affected |
| Linux | Linux | 405856460d3e7aefb7c1aef047ec88fc4ef2e2a5 < 4610e7a4111fa3f3ce27c09d6d94008c55f1cd31 | affected |
| Linux | Linux | 11632d4aa2b3f126790e81a4415d6c23103cf8bb < 21764467ab396d9f08921e0a5ffa1214244e1ad9 | affected |
| Linux | Linux | 11632d4aa2b3f126790e81a4415d6c23103cf8bb < 7371fad5cfe6eada6bb5523c895fd6074b15c2b9 | affected |
| Linux | Linux | 11632d4aa2b3f126790e81a4415d6c23103cf8bb < 1ff673333d46d2c1b053ebd0c1c7c7c79e36943e | affected |
| Linux | Linux | e449461989f0674f188d30494ffd3f5ba74c1a05 | affected |
| Linux | Linux | 4.14.263 < 4.14.296 | affected |
| Linux | Linux | 4.19.226 < 4.19.262 | affected |
| Linux | Linux | 5.4.174 < 5.4.220 | affected |
| Linux | Linux | 5.10.94 < 5.10.150 | affected |
| Linux | Linux | 5.15.17 < 5.15.75 | affected |
| Linux | Linux | 5.16.3 < 5.17 | affected |
| Linux | Linux | 5.17 | affected |
| Linux | Linux | 0 < 5.17 | unaffected |
| Linux | Linux | 4.14.296 <= 4.14.* | unaffected |
| Linux | Linux | 4.19.262 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.220 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.150 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.75 <= 5.15.* | unaffected |
| Linux | Linux | 5.19.17 <= 5.19.* | unaffected |
| Linux | Linux | 6.0.3 <= 6.0.* | unaffected |
| Linux | Linux | 6.1 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/aaa512ad1e59f2edf8a9e4f2b167a44b24670679
- https://git.kernel.org/stable/c/5bc20bafcd87ba0858ab772cefc7047cb51bc249
- https://git.kernel.org/stable/c/1daf69228e310938177119c4eadcd30fc75c81e0
- https://git.kernel.org/stable/c/877e92e9b1bdeb580b31a46061005936be902cd4
- https://git.kernel.org/stable/c/4610e7a4111fa3f3ce27c09d6d94008c55f1cd31
- https://git.kernel.org/stable/c/21764467ab396d9f08921e0a5ffa1214244e1ad9
- https://git.kernel.org/stable/c/7371fad5cfe6eada6bb5523c895fd6074b15c2b9
- https://git.kernel.org/stable/c/1ff673333d46d2c1b053ebd0c1c7c7c79e36943e
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.