CVE-2022-49532

Source
https://cve.org/CVERecord?id=CVE-2022-49532
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49532.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49532
Published
2025-02-26T02:13:52.013Z
Modified
2026-03-12T03:25:19.733074Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes

drm_cvt_mode may return NULL and we should check it.

This bug is found by syzkaller:

FAULT_INJECTION stacktrace:
[ 168.567394] FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
[ 168.567403] CPU: 1 PID: 6425 Comm: syz Kdump: loaded Not tainted 4.19.90-vhulk2201.1.0.h1035.kasan.eulerosv2r10.aarch64 #1
[ 168.567406] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
[ 168.567408] Call trace:
[ 168.567414] dump_backtrace+0x0/0x310
[ 168.567418] show_stack+0x28/0x38
[ 168.567423] dump_stack+0xec/0x15c
[ 168.567427] should_fail+0x3ac/0x3d0
[ 168.567437] __should_failslab+0xb8/0x120
[ 168.567441] should_failslab+0x28/0xc0
[ 168.567445] kmem_cache_alloc_trace+0x50/0x640
[ 168.567454] drm_mode_create+0x40/0x90
[ 168.567458] drm_cvt_mode+0x48/0xc78
[ 168.567477] virtio_gpu_conn_get_modes+0xa8/0x140 [virtio_gpu]
[ 168.567485] drm_helper_probe_single_connector_modes+0x3a4/0xd80
[ 168.567492] drm_mode_getconnector+0x2e0/0xa70
[ 168.567496] drm_ioctl_kernel+0x11c/0x1d8
[ 168.567514] drm_ioctl+0x558/0x6d0
[ 168.567522] do_vfs_ioctl+0x160/0xf30
[ 168.567525] ksys_ioctl+0x98/0xd8
[ 168.567530] __arm64_sys_ioctl+0x50/0xc8
[ 168.567536] el0_svc_common+0xc8/0x320
[ 168.567540] el0_svc_handler+0xf8/0x160
[ 168.567544] el0_svc+0x10/0x218

KASAN stacktrace:
[ 168.567561] BUG: KASAN: null-ptr-deref in virtio_gpu_conn_get_modes+0xb4/0x140 [virtio_gpu]
[ 168.567565] Read of size 4 at addr 0000000000000054 by task syz/6425
[ 168.567566]
[ 168.567571] CPU: 1 PID: 6425 Comm: syz Kdump: loaded Not tainted 4.19.90-vhulk2201.1.0.h1035.kasan.eulerosv2r10.aarch64 #1
[ 168.567573] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
[ 168.567575] Call trace:
[ 168.567578] dump_backtrace+0x0/0x310
[ 168.567582] show_stack+0x28/0x38
[ 168.567586] dump_stack+0xec/0x15c
[ 168.567591] kasan_report+0x244/0x2f0
[ 168.567594] __asan_load4+0x58/0xb0
[ 168.567607] virtio_gpu_conn_get_modes+0xb4/0x140 [virtio_gpu]
[ 168.567612] drm_helper_probe_single_connector_modes+0x3a4/0xd80
[ 168.567617] drm_mode_getconnector+0x2e0/0xa70
[ 168.567621] drm_ioctl_kernel+0x11c/0x1d8
[ 168.567624] drm_ioctl+0x558/0x6d0
[ 168.567628] do_vfs_ioctl+0x160/0xf30
[ 168.567632] ksys_ioctl+0x98/0xd8
[ 168.567636] __arm64_sys_ioctl+0x50/0xc8
[ 168.567641] el0_svc_common+0xc8/0x320
[ 168.567645] el0_svc_handler+0xf8/0x160
[ 168.567649] el0_svc+0x10/0x218

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49532.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
dc5698e80cf724770283e10414054662bdf6ccfa
Fixed
e0828456578cc8ba0a69147f7ae3428392eec287
Fixed
848dd072744ea662ab3097e3c8282bee552df218
Fixed
edafcad84c4134ebec4bc24b29ca4497a1184eea
Fixed
f85cb059fad03a3b33a50023be91e944bb065ae8
Fixed
fadc626cae99aaa1325094edc6a9e2b883f3e562
Fixed
32e10aabc287f09a148ff759bb9ce70b01b0012c
Fixed
c51d00472fa54b9b05c17789ed665c17adf3a25d
Fixed
0f8bc147a963686b7351aa35d1701124ffacac08
Fixed
194d250cdc4a40ccbd179afd522a9e9846957402

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49532.json"