CVE-2022-49254

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49254
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49254.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49254
Downstream
Related
Published
2025-02-26T01:56:09.619Z
Modified
2025-11-28T15:24:32.417870Z
Summary
media: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats()
Details

In the Linux kernel, the following vulnerability has been resolved:

media: ti-vpe: cal: Fix a NULL pointer dereference in calctxv4l2initformats()

In calctxv4l2initformats(), devmkzalloc() is assigned to ctx->activefmt and there is a dereference of it after that, which could lead to NULL pointer dereference on failure of devm_kzalloc().

Fix this bug by adding a NULL check of ctx->active_fmt.

This bug was found by a static analyzer.

Builds with 'make allyesconfig' show no new warnings, and our static analyzer no longer warns about this code.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49254.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7168155002cf7aadbfaa14a28f037c880a214764
Fixed
aa613ac270292e102503e9767882e39200efe608
Fixed
91e2805579ab0783eed53acc2bf9fb553e939004
Fixed
1381f1a629a090c251965edb56f849ad648414a4
Fixed
abd77889851d2ead0d0c9c4d29f1808801477b00

Affected versions

v5.*

v5.11
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.4
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.16.1
v5.16.10
v5.16.11
v5.16.12
v5.16.13
v5.16.14
v5.16.15
v5.16.16
v5.16.17
v5.16.18
v5.16.2
v5.16.3
v5.16.4
v5.16.5
v5.16.6
v5.16.7
v5.16.8
v5.16.9
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.17.1

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "261433836143785562009442742549996198041",
                "204365175678467386673063171077059878974",
                "175606881990670197618130277728988269584",
                "44336555203488671205375130396178040270"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "target": {
            "file": "drivers/media/platform/ti-vpe/cal-video.c"
        },
        "deprecated": false,
        "id": "CVE-2022-49254-27281e8e",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@abd77889851d2ead0d0c9c4d29f1808801477b00"
    },
    {
        "signature_version": "v1",
        "digest": {
            "function_hash": "171804286128438949003575404418954532175",
            "length": 1707.0
        },
        "signature_type": "Function",
        "target": {
            "file": "drivers/media/platform/ti-vpe/cal-video.c",
            "function": "cal_ctx_v4l2_init_formats"
        },
        "deprecated": false,
        "id": "CVE-2022-49254-361e39f1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aa613ac270292e102503e9767882e39200efe608"
    },
    {
        "signature_version": "v1",
        "digest": {
            "function_hash": "171804286128438949003575404418954532175",
            "length": 1707.0
        },
        "signature_type": "Function",
        "target": {
            "file": "drivers/media/platform/ti-vpe/cal-video.c",
            "function": "cal_ctx_v4l2_init_formats"
        },
        "deprecated": false,
        "id": "CVE-2022-49254-3a7572b7",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@91e2805579ab0783eed53acc2bf9fb553e939004"
    },
    {
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "261433836143785562009442742549996198041",
                "204365175678467386673063171077059878974",
                "175606881990670197618130277728988269584",
                "44336555203488671205375130396178040270"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "target": {
            "file": "drivers/media/platform/ti-vpe/cal-video.c"
        },
        "deprecated": false,
        "id": "CVE-2022-49254-72026145",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1381f1a629a090c251965edb56f849ad648414a4"
    },
    {
        "signature_version": "v1",
        "digest": {
            "function_hash": "171804286128438949003575404418954532175",
            "length": 1707.0
        },
        "signature_type": "Function",
        "target": {
            "file": "drivers/media/platform/ti-vpe/cal-video.c",
            "function": "cal_ctx_v4l2_init_formats"
        },
        "deprecated": false,
        "id": "CVE-2022-49254-79675e04",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@abd77889851d2ead0d0c9c4d29f1808801477b00"
    },
    {
        "signature_version": "v1",
        "digest": {
            "function_hash": "171804286128438949003575404418954532175",
            "length": 1707.0
        },
        "signature_type": "Function",
        "target": {
            "file": "drivers/media/platform/ti-vpe/cal-video.c",
            "function": "cal_ctx_v4l2_init_formats"
        },
        "deprecated": false,
        "id": "CVE-2022-49254-ae76cdeb",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1381f1a629a090c251965edb56f849ad648414a4"
    },
    {
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "261433836143785562009442742549996198041",
                "204365175678467386673063171077059878974",
                "175606881990670197618130277728988269584",
                "44336555203488671205375130396178040270"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "target": {
            "file": "drivers/media/platform/ti-vpe/cal-video.c"
        },
        "deprecated": false,
        "id": "CVE-2022-49254-d76a13cc",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aa613ac270292e102503e9767882e39200efe608"
    },
    {
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "261433836143785562009442742549996198041",
                "204365175678467386673063171077059878974",
                "175606881990670197618130277728988269584",
                "44336555203488671205375130396178040270"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "target": {
            "file": "drivers/media/platform/ti-vpe/cal-video.c"
        },
        "deprecated": false,
        "id": "CVE-2022-49254-ed985dca",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@91e2805579ab0783eed53acc2bf9fb553e939004"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.12.0
Fixed
5.15.33
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.16.19
Type
ECOSYSTEM
Events
Introduced
5.17.0
Fixed
5.17.2