CVE-2022-50888

Summary

In the Linux kernel, the following vulnerability has been resolved:

remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio()

q6v5_wcss_init_mmio() will call platform_get_resource_byname() that may fail and return NULL. devm_ioremap() will use res->start as input, which may causes null-ptr-deref. Check the ret value of platform_get_resource_byname() to avoid the null-ptr-deref.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0af65b9b915e52019aee91db3e1f8b39a7ec8d08 < 098ebb9089c4eedea09333f912d105fa63377496affected
LinuxLinux0af65b9b915e52019aee91db3e1f8b39a7ec8d08 < 3afa88ae9911b65702a3aca9d92ea23fe496e56faffected
LinuxLinux0af65b9b915e52019aee91db3e1f8b39a7ec8d08 < 0903a87490a9ed456ac765a84dcc484c1ee42c32affected
LinuxLinux0af65b9b915e52019aee91db3e1f8b39a7ec8d08 < f360e2b275efbb745ba0af8b47d9ef44221be586affected
LinuxLinux5.13affected
LinuxLinux0 < 5.13unaffected
LinuxLinux5.15.86 <= 5.15.*unaffected
LinuxLinux6.0.16 <= 6.0.*unaffected
LinuxLinux6.1.2 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

References