CVE-2022-49458

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49458
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49458.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49458
Downstream
Related
Published
2025-02-26T02:13:06Z
Modified
2025-10-15T22:36:53.137766Z
Summary
drm/msm: don't free the IRQ if it was not requested
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/msm: don't free the IRQ if it was not requested

As msmdrmuninit() is called from the msmdrminit() error path, additional care should be necessary as not to call the freeirq() for the IRQ that was not requested before (because an error occured earlier than the requestirq() call).

This fixed the issue reported with the following backtrace:

[ 8.571329] Trying to free already-free IRQ 187 [ 8.571339] WARNING: CPU: 0 PID: 76 at kernel/irq/manage.c:1895 freeirq+0x1e0/0x35c [ 8.588746] Modules linked in: pmicglink pdrinterface fastrpc qrtrsmd sndsochdmicodec msm fsa4480 gpusched drmdpauxbus qrtr i2cqcomgeni crct10difce qcomstats qcomq6v5pas drmdisplayhelper gpi qcompilinfo drmkmshelper qcomq6v5 qcomsysmon qcomcommon qcomglinksmem qcomrng mdtloader qmihelpers phyqcomqmp ufsqcom typec qnocsm8350 socinfo rmtfsmem fuse drm ipv6 [ 8.624154] CPU: 0 PID: 76 Comm: kworker/u16:2 Not tainted 5.18.0-rc5-next-20220506-00033-g6cee8cab6089-dirty #419 [ 8.624161] Hardware name: Qualcomm Technologies, Inc. SM8350 HDK (DT) [ 8.641496] Workqueue: eventsunbound deferredprobeworkfunc [ 8.647510] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 8.654681] pc : freeirq+0x1e0/0x35c [ 8.658454] lr : freeirq+0x1e0/0x35c [ 8.662228] sp : ffff800008ab3950 [ 8.665642] x29: ffff800008ab3950 x28: 0000000000000000 x27: ffff16350f56a700 [ 8.672994] x26: ffff1635025df080 x25: ffff16350251badc x24: ffff16350251bb90 [ 8.680343] x23: 0000000000000000 x22: 00000000000000bb x21: ffff16350e8f9800 [ 8.687690] x20: ffff16350251ba00 x19: ffff16350cbd5880 x18: ffffffffffffffff [ 8.695039] x17: 0000000000000000 x16: ffffa2dd12179434 x15: ffffa2dd1431d02d [ 8.702391] x14: 0000000000000000 x13: ffffa2dd1431d028 x12: 662d79646165726c [ 8.709740] x11: ffffa2dd13fd2438 x10: 000000000000000a x9 : 00000000000000bb [ 8.717111] x8 : ffffa2dd13fd23f0 x7 : ffff800008ab3750 x6 : 00000000fffff202 [ 8.724487] x5 : ffff16377e870a18 x4 : 00000000fffff202 x3 : ffff735a6ae1b000 [ 8.731851] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff1635015f8000 [ 8.739217] Call trace: [ 8.741755] freeirq+0x1e0/0x35c [ 8.745198] msmdrmuninit.isra.0+0x14c/0x294 [msm] [ 8.750548] msmdrmbind+0x28c/0x5d0 [msm] [ 8.755081] trytobringupaggregatedevice+0x164/0x1d0 [ 8.760657] _componentadd+0xa0/0x170 [ 8.764626] componentadd+0x14/0x20 [ 8.768337] dpdisplayprobe+0x2a4/0x464 [msm] [ 8.773242] platformprobe+0x68/0xe0 [ 8.777043] reallyprobe.part.0+0x9c/0x28c [ 8.781368] _driverprobedevice+0x98/0x144 [ 8.785871] driverprobedevice+0x40/0x140 [ 8.790191] _deviceattachdriver+0xb4/0x120 [ 8.794788] busforeachdrv+0x78/0xd0 [ 8.798751] _deviceattach+0xdc/0x184 [ 8.802713] deviceinitialprobe+0x14/0x20 [ 8.807031] busprobedevice+0x9c/0xa4 [ 8.810991] deferredprobeworkfunc+0x88/0xc0 [ 8.815667] processonework+0x1d0/0x320 [ 8.819809] workerthread+0x14c/0x444 [ 8.823688] kthread+0x10c/0x110 [ 8.827036] retfromfork+0x10/0x20

Patchwork: https://patchwork.freedesktop.org/patch/485422/

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f026e431cf861197dc03217d1920b38b80b31dd9
Fixed
beb81c13d020ceb7f8693e65464162e5f249218e
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f026e431cf861197dc03217d1920b38b80b31dd9
Fixed
b288ec4439c1dad304c1862bf6b0be78d9b1b2b2
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f026e431cf861197dc03217d1920b38b80b31dd9
Fixed
59023c4fb1ab3de0fa001681650f662c253c7fd7
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f026e431cf861197dc03217d1920b38b80b31dd9
Fixed
577e2a9dfc8fba7938aaf75db63fae7e328cc3cb

Affected versions

v5.*

v5.14
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.17.1
v5.17.10
v5.17.11
v5.17.12
v5.17.13
v5.17.2
v5.17.3
v5.17.4
v5.17.5
v5.17.6
v5.17.7
v5.17.8
v5.17.9
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.18.1
v5.18.2

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.0
Fixed
5.15.46
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.17.14
Type
ECOSYSTEM
Events
Introduced
5.18.0
Fixed
5.18.3