In the Linux kernel, the following vulnerability has been resolved:
drm/radeon: fix a possible null pointer dereference
In radeonfpnativemode(), the return value of drmmodeduplicate() is assigned to mode, which will lead to a NULL pointer dereference on failure of drmmode_duplicate(). Add a check to avoid npd.
The failure status of drmcvtmode() on the other path is checked too.
[ { "digest": { "threshold": 0.9, "line_hashes": [ "143771719937603481667340013906101912156", "209284412227561010432947133955609158092", "264539314440900876013973086624414189179", "260640671311897216059815833053714852753", "19008661916011379632179265161427821077", "174424723901746249167254712378263990902", "165559172793494807526379110287830075810", "238448584789884091288052016944741964671" ] }, "id": "CVE-2022-48710-33bb3de2", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@16a0f0b63c4c7eb46fc4c3f00bf2836e6ee46a9f", "target": { "file": "drivers/gpu/drm/radeon/radeon_connectors.c" }, "signature_version": "v1", "signature_type": "Line", "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "143771719937603481667340013906101912156", "209284412227561010432947133955609158092", "264539314440900876013973086624414189179", "260640671311897216059815833053714852753", "19008661916011379632179265161427821077", "174424723901746249167254712378263990902", "165559172793494807526379110287830075810", "238448584789884091288052016944741964671" ] }, "id": "CVE-2022-48710-446a8536", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@140d9807b96e1303f6f2675a7ae8710a2094bd17", "target": { "file": "drivers/gpu/drm/radeon/radeon_connectors.c" }, "signature_version": "v1", "signature_type": "Line", "deprecated": false }, { "digest": { "function_hash": "50255000518586416405435935630806012091", "length": 718.0 }, "id": "CVE-2022-48710-56c1ff29", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@16a0f0b63c4c7eb46fc4c3f00bf2836e6ee46a9f", "target": { "file": "drivers/gpu/drm/radeon/radeon_connectors.c", "function": "radeon_fp_native_mode" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "digest": { "function_hash": "50255000518586416405435935630806012091", "length": 718.0 }, "id": "CVE-2022-48710-ce192081", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b33f7d99c9226892c7794dc2500fae35966020c9", "target": { "file": "drivers/gpu/drm/radeon/radeon_connectors.c", "function": "radeon_fp_native_mode" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "digest": { "function_hash": "50255000518586416405435935630806012091", "length": 718.0 }, "id": "CVE-2022-48710-db270221", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@140d9807b96e1303f6f2675a7ae8710a2094bd17", "target": { "file": "drivers/gpu/drm/radeon/radeon_connectors.c", "function": "radeon_fp_native_mode" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "143771719937603481667340013906101912156", "209284412227561010432947133955609158092", "264539314440900876013973086624414189179", "260640671311897216059815833053714852753", "19008661916011379632179265161427821077", "174424723901746249167254712378263990902", "165559172793494807526379110287830075810", "238448584789884091288052016944741964671" ] }, "id": "CVE-2022-48710-eeb08f9f", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b33f7d99c9226892c7794dc2500fae35966020c9", "target": { "file": "drivers/gpu/drm/radeon/radeon_connectors.c" }, "signature_version": "v1", "signature_type": "Line", "deprecated": false } ]