CVE-2022-49232

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-49232
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49232.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49232
Downstream
Related
Published
2025-02-26T01:55:58.618Z
Modified
2026-05-15T11:54:16.178792378Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes()
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix a NULL pointer dereference in amdgpudmconnectoraddcommon_modes()

In amdgpudmconnectoraddcommonmodes(), amdgpudmcreatecommonmode() is assigned to mode and is passed to drmmodeprobedadd() directly after that. drmmodeprobedadd() passes &mode->head to listaddtail(), and there is a dereference of it in listaddtail() without recoveries, which could lead to NULL pointer dereference on failure of amdgpudmcreatecommon_mode().

Fix this by adding a NULL check of mode.

This bug was found by a static analyzer.

Builds with 'make allyesconfig' show no new warnings, and our static analyzer no longer warns about this code.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49232.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.15.0
Fixed
4.19.238
Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.4.189
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.110
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.33
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.16.19
Type
ECOSYSTEM
Events
Introduced
5.17.0
Fixed
5.17.2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49232.json"