CVE-2022-50359
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
When the driver calls cx88_risc_buffer() to prepare the buffer, the function call may fail, resulting in a empty buffer and null-ptr-deref later in buffer_queue().
The following log can reveal it:
[ 41.822762] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI [ 41.824488] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 41.828027] RIP: 0010:buffer_queue+0xc2/0x500 [ 41.836311] Call Trace: [ 41.836945] __enqueue_in_driver+0x141/0x360 [ 41.837262] vb2_start_streaming+0x62/0x4a0 [ 41.838216] vb2_core_streamon+0x1da/0x2c0 [ 41.838516] __vb2_init_fileio+0x981/0xbc0 [ 41.839141] __vb2_perform_fileio+0xbf9/0x1120 [ 41.840072] vb2_fop_read+0x20e/0x400 [ 41.840346] v4l2_read+0x215/0x290 [ 41.840603] vfs_read+0x162/0x4c0
Fix this by checking the return value of cx88_risc_buffer()
[hverkuil: fix coding style issues]
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < c76d04d2079a4b7369ce9a0e859c0f3f2250bcc1 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 10c99d1c46ea9cd940029e17bab11d021f315c21 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4befc7ffa18ef9a4b70d854465313a345a06862f | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9181af2dbf06e7f432e5dbe88d10b22343e851b9 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < c2257c8a501537afab276c306cb717b7260276e1 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6f21976095c1e92454ab030976f95f40d652351b | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 704838040f3bdb4aa07ff4f26505a666a3defcfe | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 644d5a87ab1863eb606526ea743021752a17e9cb | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2b064d91440b33fba5b452f2d1b31f13ae911d71 | affected |
| Linux | Linux | 2.6.12 | affected |
| Linux | Linux | 0 < 2.6.12 | unaffected |
| Linux | Linux | 4.9.331 <= 4.9.* | unaffected |
| Linux | Linux | 4.14.296 <= 4.14.* | unaffected |
| Linux | Linux | 4.19.262 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.220 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.150 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.75 <= 5.15.* | unaffected |
| Linux | Linux | 5.19.17 <= 5.19.* | unaffected |
| Linux | Linux | 6.0.3 <= 6.0.* | unaffected |
| Linux | Linux | 6.1 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/c76d04d2079a4b7369ce9a0e859c0f3f2250bcc1
- https://git.kernel.org/stable/c/10c99d1c46ea9cd940029e17bab11d021f315c21
- https://git.kernel.org/stable/c/4befc7ffa18ef9a4b70d854465313a345a06862f
- https://git.kernel.org/stable/c/9181af2dbf06e7f432e5dbe88d10b22343e851b9
- https://git.kernel.org/stable/c/c2257c8a501537afab276c306cb717b7260276e1
- https://git.kernel.org/stable/c/6f21976095c1e92454ab030976f95f40d652351b
- https://git.kernel.org/stable/c/704838040f3bdb4aa07ff4f26505a666a3defcfe
- https://git.kernel.org/stable/c/644d5a87ab1863eb606526ea743021752a17e9cb
- https://git.kernel.org/stable/c/2b064d91440b33fba5b452f2d1b31f13ae911d71
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.