CVE-2022-49827
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49827
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49827.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-49827
- Downstream
- Related
- Published
- 2025-05-01T15:16:06Z
- Modified
- 2025-08-09T20:01:27Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
drm: Fix potential null-ptr-deref in drmvblankdestroy_worker()
drmvblankinit() call drmmaddactionorreset() with drmvblankinitrelease() as action. If _drmmaddaction() failed, will directly call drmvblankinitrelease() with the vblank whose worker is NULL. As the resule, a null-ptr-deref will happen in kthreaddestroyworker(). Add the NULL check before calling drmvblankdestroyworker().
BUG: null-ptr-deref KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f] CPU: 5 PID: 961 Comm: modprobe Not tainted 6.0.0-11331-gd465bff130bf-dirty RIP: 0010:kthreaddestroyworker+0x25/0xb0 Call Trace: <TASK> drmvblankinitrelease+0x124/0x220 [drm] ? drmcrtcvblankrestore+0x8b0/0x8b0 [drm] _drmmaddactionorreset+0x41/0x50 [drm] drmvblankinit+0x282/0x310 [drm] vkmsinit+0x35f/0x1000 [vkms] ? 0xffffffffc4508000 ? lockisheldtype+0xd7/0x130 ? _kmemcacheallocnode+0x1c2/0x2b0 ? lockisheldtype+0xd7/0x130 ? 0xffffffffc4508000 dooneinitcall+0xd0/0x4f0 ... dosyscall64+0x35/0x80 entrySYSCALL64afterhwframe+0x46/0xb0
- References