CVE-2022-50556
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm: Fix potential null-ptr-deref due to drmm_mode_config_init()
drmm_mode_config_init() will call drm_mode_create_standard_properties() and won't check the ret value. When drm_mode_create_standard_properties() failed due to alloc, property will be a NULL pointer and may causes the null-ptr-deref. Fix the null-ptr-deref by adding the ret value check.
Found null-ptr-deref while testing insert module bochs: general protection fault, probably for non-canonical address 0xdffffc000000000c: 0000 [#1] SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000060-0x0000000000000067] CPU: 3 PID: 249 Comm: modprobe Not tainted 6.1.0-rc1+ #364 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 RIP: 0010:drm_object_attach_property+0x73/0x3c0 [drm] Call Trace: <TASK> __drm_connector_init+0xb6c/0x1100 [drm] bochs_pci_probe.cold.11+0x4cb/0x7fe [bochs] pci_device_probe+0x17d/0x340 really_probe+0x1db/0x5d0 __driver_probe_device+0x1e7/0x250 driver_probe_device+0x4a/0x120 __driver_attach+0xcd/0x2c0 bus_for_each_dev+0x11a/0x1b0 bus_add_driver+0x3d7/0x500 driver_register+0x18e/0x320 do_one_initcall+0xc4/0x3e0 do_init_module+0x1b4/0x630 load_module+0x5dca/0x7230 __do_sys_finit_module+0x100/0x170 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7ff65af9f839
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 6b4959f43a04e12d39c5700607727f2cbcfeac31 < 5ae70041a6d7de62a0cdb2bbcfe0c9cf753035d0 | affected |
| Linux | Linux | 6b4959f43a04e12d39c5700607727f2cbcfeac31 < d06e827a65a6bcd2e329045d891d0739cec1cf4a | affected |
| Linux | Linux | 6b4959f43a04e12d39c5700607727f2cbcfeac31 < b14147464251f66e38fa39f0aae9780466db8610 | affected |
| Linux | Linux | 6b4959f43a04e12d39c5700607727f2cbcfeac31 < 961620ad67611a7320a49f4b6f3c5e2906833a03 | affected |
| Linux | Linux | 6b4959f43a04e12d39c5700607727f2cbcfeac31 < 834c23e4f798dcdc8af251b3c428ceef94741991 | affected |
| Linux | Linux | 4.0 | affected |
| Linux | Linux | 0 < 4.0 | unaffected |
| Linux | Linux | 5.10.173 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.99 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.16 <= 6.1.* | unaffected |
| Linux | Linux | 6.2.3 <= 6.2.* | unaffected |
| Linux | Linux | 6.3 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/5ae70041a6d7de62a0cdb2bbcfe0c9cf753035d0
- https://git.kernel.org/stable/c/d06e827a65a6bcd2e329045d891d0739cec1cf4a
- https://git.kernel.org/stable/c/b14147464251f66e38fa39f0aae9780466db8610
- https://git.kernel.org/stable/c/961620ad67611a7320a49f4b6f3c5e2906833a03
- https://git.kernel.org/stable/c/834c23e4f798dcdc8af251b3c428ceef94741991
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.