DEBIAN-CVE-2022-50378

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2022-50378

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50378.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-50378

Upstream

CVE-2022-50378

Published

2025-09-18T14:15:36Z

Modified

2025-09-25T02:26:02.880282Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: drm/meson: reorder driver deinit sequence to fix use-after-free bug Unloading the driver triggers the following KASAN warning: [ +0.006275] ============================================================= [ +0.000029] BUG: KASAN: use-after-free in listdelentryvalid+0xe0/0x1a0 [ +0.000026] Read of size 8 at addr ffff000020c395e0 by task rmmod/2695 [ +0.000019] CPU: 5 PID: 2695 Comm: rmmod Tainted: G C O 5.19.0-rc6-lrmbkasan+ #1 [ +0.000013] Hardware name: Hardkernel ODROID-N2Plus (DT) [ +0.000008] Call trace: [ +0.000007] dumpbacktrace+0x1ec/0x280 [ +0.000013] showstack+0x24/0x80 [ +0.000008] dumpstacklvl+0x98/0xd4 [ +0.000011] printaddressdescription.constprop.0+0x80/0x520 [ +0.000011] printreport+0x128/0x260 [ +0.000007] kasanreport+0xb8/0xfc [ +0.000008] _asanreportload8noabort+0x3c/0x50 [ +0.000010] _listdelentryvalid+0xe0/0x1a0 [ +0.000009] drmatomicprivateobjfini+0x30/0x200 [drm] [ +0.000172] drmbridgedetach+0x94/0x260 [drm] [ +0.000145] drmencodercleanup+0xa4/0x290 [drm] [ +0.000144] drmmodeconfigcleanup+0x118/0x740 [drm] [ +0.000143] drmmodeconfiginitrelease+0x1c/0x2c [drm] [ +0.000144] drmmanagedrelease+0x170/0x414 [drm] [ +0.000142] drmdevput.part.0+0xc0/0x124 [drm] [ +0.000143] drmdevput+0x20/0x30 [drm] [ +0.000142] mesondrvunbind+0x1d8/0x2ac [mesondrm] [ +0.000028] takedownaggregatedevice+0xb0/0x160 [ +0.000016] componentdel+0x18c/0x360 [ +0.000009] mesondwhdmiremove+0x28/0x40 [mesondwhdmi] [ +0.000015] platformremove+0x64/0xb0 [ +0.000009] deviceremove+0xb8/0x154 [ +0.000009] devicereleasedriverinternal+0x398/0x5b0 [ +0.000009] driverdetach+0xac/0x1b0 [ +0.000009] busremovedriver+0x158/0x29c [ +0.000009] driverunregister+0x70/0xb0 [ +0.000008] platformdriverunregister+0x20/0x2c [ +0.000008] mesondwhdmiplatformdriverexit+0x1c/0x30 [mesondwhdmi] [ +0.000012] _dosysdeletemodule+0x288/0x400 [ +0.000011] _arm64sysdeletemodule+0x5c/0x80 [ +0.000009] invokesyscall+0x74/0x260 [ +0.000009] el0svccommon.constprop.0+0xcc/0x260 [ +0.000009] doel0svc+0x50/0x70 [ +0.000007] el0svc+0x68/0x1a0 [ +0.000012] el0t64synchandler+0x11c/0x150 [ +0.000008] el0t64sync+0x18c/0x190 [ +0.000018] Allocated by task 0: [ +0.000007] (stack is not available) [ +0.000011] Freed by task 2695: [ +0.000008] kasansavestack+0x2c/0x5c [ +0.000011] kasansettrack+0x2c/0x40 [ +0.000008] kasansetfreeinfo+0x28/0x50 [ +0.000009] kasanslabfree+0x128/0x1d4 [ +0.000008] _kasanslabfree+0x18/0x24 [ +0.000007] slabfreefreelisthook+0x108/0x230 [ +0.000011] kfree+0x110/0x35c [ +0.000008] releasenodes+0xf0/0x16c [ +0.000009] devresreleasegroup+0x180/0x270 [ +0.000008] componentunbind+0x128/0x1e0 [ +0.000010] componentunbindall+0x1b8/0x264 [ +0.000009] mesondrvunbind+0x1a0/0x2ac [mesondrm] [ +0.000025] takedownaggregatedevice+0xb0/0x160 [ +0.000009] componentdel+0x18c/0x360 [ +0.000009] mesondwhdmiremove+0x28/0x40 [mesondwhdmi] [ +0.000012] platformremove+0x64/0xb0 [ +0.000008] deviceremove+0xb8/0x154 [ +0.000009] devicereleasedriverinternal+0x398/0x5b0 [ +0.000009] driverdetach+0xac/0x1b0 [ +0.000009] busremovedriver+0x158/0x29c [ +0.000008] driverunregister+0x70/0xb0 [ +0.000008] platformdriverunregister+0x20/0x2c [ +0.000008] mesondwhdmiplatformdriverexit+0x1c/0x30 [mesondwhdmi] [ +0.000011] _dosysdeletemodule+0x288/0x400 [ +0.000010] _arm64sysdeletemodule+0x5c/0x80 [ +0.000008] invokesyscall+0x74/0x260 [ +0.000008] el0svccommon.constprop.0+0xcc/0x260 [ +0.000008] doel0svc+0x50/0x70 [ +0.000007] el0svc+0x68/0x1a0 [ +0.000009] el0t64synchandler+0x11c/0x150 [ +0.000009] el0t64_sync+0x18c/0x190 [ +0.000014] The buggy address belongs to the object at ffff000020c39000 ---truncated---

References

https://security-tracker.debian.org/tracker/CVE-2022-50378

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.10.46-4

5.10.46-5

5.10.70-1~bpo10+1

5.10.70-1

5.10.84-1

5.10.92-1~bpo10+1

5.10.92-1

5.10.92-2

5.10.103-1~bpo10+1

5.10.103-1

5.10.106-1

5.10.113-1

5.10.120-1~bpo10+1

5.10.120-1

5.10.127-1

5.10.127-2~bpo10+1

5.10.127-2

5.10.136-1

5.10.140-1

5.10.148-1

5.10.149-1

5.10.149-2

5.10.158-1

5.10.158-2

5.10.162-1

5.10.178-1

5.10.178-2

5.10.178-3

5.10.179-1

5.10.179-2

5.10.179-3

5.10.179-4

5.10.179-5

5.10.191-1

5.10.197-1

5.10.205-1

5.10.205-2

5.10.209-1

5.10.209-2

5.10.216-1

5.10.218-1

5.10.221-1

5.10.223-1

5.10.226-1

5.10.234-1

5.10.237-1

5.13.9-1~exp1

5.13.9-1~exp2

5.13.12-1~exp1

5.14-1~exp1

5.14-1~exp2

5.14.1-1~exp1

5.14.2-1~exp1

5.14.3-1~exp1

5.14.6-1

5.14.6-2

5.14.6-3

5.14.9-1

5.14.9-2~bpo11+1

5.14.9-2

5.14.12-1

5.14.16-1

5.15-1~exp1

5.15.1-1~exp1

5.15.2-1~exp1

5.15.3-1

5.15.5-1

5.15.5-2~bpo11+1

5.15.5-2

5.15.15-1

5.15.15-2~bpo11+1

5.15.15-2

5.16~rc1-1~exp1

5.16~rc3-1~exp1

5.16~rc4-1~exp1

5.16~rc5-1~exp1

5.16~rc6-1~exp1

5.16~rc7-1~exp1

5.16~rc8-1~exp1

5.16.3-1~exp1

5.16.4-1~exp1

5.16.7-1

5.16.7-2

5.16.10-1

5.16.11-1~bpo11+1

5.16.11-1

5.16.12-1~bpo11+1

5.16.12-1

5.16.14-1

5.16.18-1

5.17~rc3-1~exp1

5.17~rc4-1~exp1

5.17~rc5-1~exp1

5.17~rc6-1~exp1

5.17~rc7-1~exp1

5.17~rc8-1~exp1

5.17.1-1~exp1

5.17.3-1

5.17.6-1

5.17.11-1

5.18-1~exp1

5.18.2-1~bpo11+1

5.18.2-1

5.18.5-1

5.18.14-1~bpo11+1

5.18.14-1

5.18.16-1~bpo11+1

5.18.16-1

5.19~rc4-1~exp1

5.19~rc6-1~exp1

5.19-1~exp1

5.19.6-1

5.19.11-1~bpo11+1

5.19.11-1

6.*

6.0~rc7-1~exp1

6.0-1~exp1

6.0.2-1

6.0.3-1~bpo11+1

6.0.3-1

6.0.5-1

6.0.6-1

6.0.6-2

6.0.7-1

6.0.8-1

6.0.10-1

6.0.10-2

6.0.12-1~bpo11+1

6.0.12-1

6.0.12-1+alpha

6.1~rc3-1~exp1

6.1~rc5-1~exp1

6.1~rc6-1~exp1

6.1~rc7-1~exp1

6.1~rc8-1~exp1

6.1.1-1~exp1

6.1.1-1~exp2

6.1.2-1~exp1

6.1.4-1

6.1.7-1

6.1.8-1

6.1.8-1+sh4

6.1.11-1

6.1.12-1~bpo11+1

6.1.12-1

6.1.15-1~bpo11+1

6.1.15-1

6.1.20-1~bpo11+1

6.1.20-1

6.1.20-2~bpo11+1

6.1.20-2

6.1.25-1

6.1.27-1~bpo11+1

6.1.27-1

6.1.37-1

6.1.38-1

6.1.38-2~bpo11+1

6.1.38-2

6.1.38-3

6.1.38-4~bpo11+1

6.1.38-4

6.1.52-1

6.1.55-1~bpo11+1

6.1.55-1

6.1.64-1

6.1.66-1

6.1.67-1

6.1.69-1~bpo11+1

6.1.69-1

6.1.76-1~bpo11+1

6.1.76-1

6.1.82-1

6.1.85-1

6.1.90-1~bpo11+1

6.1.90-1

6.1.94-1~bpo11+1

6.1.94-1

6.1.98-1

6.1.99-1

6.1.106-1

6.1.106-2

6.1.106-3

6.1.112-1

6.1.115-1

6.1.119-1

6.1.123-1

6.1.124-1

6.1.128-1

6.1.129-1

6.1.133-1

6.1.135-1

6.1.137-1

6.1.139-1

6.1.140-1

6.1.147-1

6.1.148-1

6.1.153-1

6.3.1-1~exp1

6.3.2-1~exp1

6.3.4-1~exp1

6.3.5-1~exp1

6.3.7-1~bpo12+1

6.3.7-1

6.3.11-1

6.4~rc6-1~exp1

6.4~rc7-1~exp1

6.4.1-1~exp1

6.4.4-1~bpo12+1

6.4.4-1

6.4.4-2

6.4.4-3~bpo12+1

6.4.4-3

6.4.11-1

6.4.13-1

6.5~rc4-1~exp1

6.5~rc6-1~exp1

6.5~rc7-1~exp1

6.5.1-1~exp1

6.5.3-1~bpo12+1

6.5.3-1

6.5.6-1

6.5.8-1

6.5.10-1~bpo12+1

6.5.10-1

6.5.13-1

6.6.3-1~exp1

6.6.4-1~exp1

6.6.7-1~exp1

6.6.8-1

6.6.9-1

6.6.11-1

6.6.13-1~bpo12+1

6.6.13-1

6.6.15-1

6.6.15-2

6.7-1~exp1

6.7.1-1~exp1

6.7.4-1~exp1

6.7.7-1

6.7.9-1

6.7.9-2

6.7.12-1~bpo12+1

6.7.12-1

6.8.9-1

6.8.11-1

6.8.12-1~bpo12+1

6.8.12-1

6.9.2-1~exp1

6.9.7-1~bpo12+1

6.9.7-1

6.9.8-1

6.9.9-1

6.9.10-1~bpo12+1

6.9.10-1

6.9.11-1

6.9.12-1

6.10-1~exp1

6.10.1-1~exp1

6.10.3-1

6.10.4-1

6.10.6-1~bpo12+1

6.10.6-1

6.10.7-1

6.10.9-1

6.10.11-1~bpo12+1

6.10.11-1

6.10.12-1

6.11~rc4-1~exp1

6.11~rc5-1~exp1

6.11-1~exp1

6.11.2-1

6.11.4-1

6.11.5-1~bpo12+1

6.11.5-1

6.11.6-1

6.11.7-1

6.11.9-1

6.11.10-1~bpo12+1

6.11.10-1

6.12~rc6-1~exp1

6.12.3-1

6.12.5-1

6.12.6-1

6.12.8-1

6.12.9-1~bpo12+1

6.12.9-1

6.12.9-1+alpha

6.12.10-1

6.12.11-1

6.12.11-1+alpha

6.12.11-1+alpha.1

6.12.12-1~bpo12+1

6.12.12-1

6.12.13-1

6.12.15-1

6.12.16-1

6.12.17-1

6.12.19-1

6.12.20-1

6.12.21-1

6.12.22-1~bpo12+1

6.12.22-1

6.12.25-1

6.12.27-1~bpo12+1

6.12.27-1

6.12.29-1

6.12.30-1~bpo12+1

6.12.30-1

6.12.31-1

6.12.32-1~bpo12+1

6.12.32-1

6.12.33-1~bpo12+1

6.12.33-1

6.12.35-1~bpo12+1

6.12.35-1

6.12.37-1

6.12.38-1~bpo12+1

6.12.38-1

6.12.41-1

6.12.43-1~bpo12+1

6.12.43-1

6.12.48-1

6.13~rc6-1~exp1

6.13~rc7-1~exp1

6.13.2-1~exp1

6.13.3-1~exp1

6.13.4-1~exp1

6.13.5-1~exp1

6.13.6-1~exp1

6.13.7-1~exp1

6.13.8-1~exp1

6.13.9-1~exp1

6.13.10-1~exp1

6.13.11-1~exp1

6.14.3-1~exp1

6.14.5-1~exp1

6.14.6-1~exp1

6.15~rc7-1~exp1

6.15-1~exp1

6.15.1-1~exp1

6.15.2-1~exp1

6.15.3-1~exp1

6.15.4-1~exp1

6.15.5-1~exp1

6.15.6-1~exp1

6.16~rc7-1~exp1

6.16-1~exp1

6.16.1-1~exp1

6.16.3-1~bpo13+1

6.16.3-1

6.16.5-1

6.16.6-1

6.16.7-1

6.16.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}