CVE-2022-50383

Summary

In the Linux kernel, the following vulnerability has been resolved:

media: mediatek: vcodec: Can't set dst buffer to done when lat decode error

Core thread will call v4l2_m2m_buf_done to set dst buffer done for lat architecture. If lat call v4l2_m2m_buf_done_and_job_finish to free dst buffer when lat decode error, core thread will access kernel NULL pointer dereference, then crash.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7b182b8d9c852343fb34923a2d1b4e61421b37c7 < eeb090420f3477eb5011586709409fc655c2b16caffected
LinuxLinux7b182b8d9c852343fb34923a2d1b4e61421b37c7 < 66d26ed30056e7d2da3e9c14125ffe6049a4f907affected
LinuxLinux7b182b8d9c852343fb34923a2d1b4e61421b37c7 < 3568ecd3f3a6d133ab7feffbba34955c8c79bbc4affected
LinuxLinux5.19affected
LinuxLinux0 < 5.19unaffected
LinuxLinux6.0.16 <= 6.0.*unaffected
LinuxLinux6.1.2 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References