CVE-2022-49221

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-49221

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49221.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-49221

Related

UBUNTU-CVE-2022-49221

Published

2025-02-26T07:00:59Z

Modified

2025-03-18T20:50:34.046192Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

drm/msm/dp: populate connector of struct dp_panel

DP CTS test case 4.2.2.6 has valid edid with bad checksum on purpose and expect DP source return correct checksum. During drm edid read, correct edid checksum is calculated and stored at connector::realedidchecksum.

The problem is struct dppanel::connector never be assigned, instead the connector is stored in struct msmdp::connector. When we run compliance testing test case 4.2.2.6 dppanelhandlesinkrequest() won't have a valid edid set in struct dppanel::edid so we'll try to use the connectors realedid_checksum and hit a NULL pointer dereference error because the connector pointer is never assigned.

Changes in V2: -- populate panel connector at msmdpmodesetinit() instead of at dppanelreadsink_caps()

Changes in V3: -- remove unhelpful kernel crash trace commit text -- remove renaming dp_display parameter to dp

Changes in V4: -- add more details to commit text

Changes in v10: -- group into one series

Changes in v11: -- drop drm/msm/dp: dplinkparsesinkcount() return immediately if aux read

Signee-off-by: Kuogee Hsieh quic_khsieh@quicinc.com

References

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.113-1

Affected versions

5.*

5.10.46-4

5.10.46-5

5.10.70-1~bpo10+1

5.10.70-1

5.10.84-1

5.10.92-1~bpo10+1

5.10.92-1

5.10.92-2

5.10.103-1~bpo10+1

5.10.103-1

5.10.106-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.17.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.17.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}