CVE-2022-49960

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49960
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49960.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49960
Downstream
Related
Published
2025-06-18T11:00:21Z
Modified
2025-10-16T01:54:39.487786Z
Summary
drm/i915: fix null pointer dereference
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/i915: fix null pointer dereference

Asus chromebook CX550 crashes during boot on v5.17-rc1 kernel. The root cause is null pointer defeference of binext in tglgetbwinfo() in drivers/gpu/drm/i915/display/intel_bw.c.

BUG: kernel NULL pointer dereference, address: 000000000000002e PGD 0 P4D 0 Oops: 0002 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 1 Comm: swapper/0 Tainted: G U 5.17.0-rc1 Hardware name: Google Delbin/Delbin, BIOS GoogleDelbin.13672.156.3 05/14/2021 RIP: 0010:tglgetbwinfo+0x2de/0x510 ... [ 2.554467] Call Trace: [ 2.554467] <TASK> [ 2.554467] intelbwinithw+0x14a/0x434 [ 2.554467] ? _printk+0x59/0x73 [ 2.554467] ? _deverr+0x77/0x91 [ 2.554467] i915driverhwprobe+0x329/0x33e [ 2.554467] i915driverprobe+0x4c8/0x638 [ 2.554467] i915pciprobe+0xf8/0x14e [ 2.554467] ? _rawspinunlockirqrestore+0x12/0x2c [ 2.554467] pcideviceprobe+0xaa/0x142 [ 2.554467] reallyprobe+0x13f/0x2f4 [ 2.554467] _driverprobedevice+0x9e/0xd3 [ 2.554467] driverprobedevice+0x24/0x7c [ 2.554467] _driverattach+0xba/0xcf [ 2.554467] ? driverattach+0x1f/0x1f [ 2.554467] busforeachdev+0x8c/0xc0 [ 2.554467] busadddriver+0x11b/0x1f7 [ 2.554467] driverregister+0x60/0xea [ 2.554467] ? mipidsibusinit+0x16/0x16 [ 2.554467] i915init+0x2c/0xb9 [ 2.554467] ? mipidsibusinit+0x16/0x16 [ 2.554467] dooneinitcall+0x12e/0x2b3 [ 2.554467] doinitcalllevel+0xd6/0xf3 [ 2.554467] doinitcalls+0x4e/0x79 [ 2.554467] kernelinitfreeable+0xed/0x14d [ 2.554467] ? restinit+0xc1/0xc1 [ 2.554467] kernelinit+0x1a/0x120 [ 2.554467] retfrom_fork+0x1f/0x30 [ 2.554467] </TASK> ... Kernel panic - not syncing: Fatal exception

(cherry picked from commit c247cd03898c4c43c3bce6d4014730403bc13032)

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c64a9a7c05beb2b71b7496d873654f88e1a08593
Fixed
c2798203315f4729bab0b917bf4c17a159abf9f8
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c64a9a7c05beb2b71b7496d873654f88e1a08593
Fixed
458ec0c8f35963626ccd51c3d50b752de5f1b9d4

Affected versions

v5.*

v5.15
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.19.1
v5.19.2
v5.19.3
v5.19.4
v5.19.5
v5.19.6
v5.19.7

v6.*

v6.0-rc1
v6.0-rc2

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.17.0
Fixed
5.19.8