In the Linux kernel, the following vulnerability has been resolved:
video/aperture: Call sysfb_disable() before removing PCI devices
Call sysfb_disable() from aperture_remove_conflicting_pci_devices() before removing PCI devices. Without this, simpledrm can still bind to simple-framebuffer devices after the hardware driver has taken over the hardware. Both drivers then interfere with each other and the results are undefined.
Reported modesetting errors [1] are shown below.
---- snap ----
rcu: INFO: rcu_sched detected expedited stalls on CPUs/tasks: { 13-.... } 7 jiffies s: 165 root: 0x2000/.
rcu: blocking rcu_node structures (internal RCU debug):
Task dump for CPU 13:
task:X state:R running task stack: 0 pid: 4242 ppid: 4228 flags:0x00000008
Call Trace:
 <TASK>
 ? commit_tail+0xd7/0x130
 ? drm_atomic_helper_commit+0x126/0x150
 ? drm_atomic_commit+0xa4/0xe0
 ? drm_plane_get_damage_clips.cold+0x1c/0x1c
 ? drm_atomic_helper_dirtyfb+0x19e/0x280
 ? drm_mode_dirtyfb_ioctl+0x10f/0x1e0
 ? drm_mode_getfb2_ioctl+0x2d0/0x2d0
 ? drm_ioctl_kernel+0xc4/0x150
 ? drm_ioctl+0x246/0x3f0
 ? drm_mode_getfb2_ioctl+0x2d0/0x2d0
 ? __x64_sys_ioctl+0x91/0xd0
 ? do_syscall_64+0x60/0xd0
 ? entry_SYSCALL_64_after_hwframe+0x4b/0xb5
 </TASK>
...
rcu: INFO: rcu_sched detected expedited stalls on CPUs/tasks: { 13-.... } 30 jiffies s: 169 root: 0x2000/.
rcu: blocking rcu_node structures (internal RCU debug):
Task dump for CPU 13:
task:X state:R running task stack: 0 pid: 4242 ppid: 4228 flags:0x0000400e
Call Trace:
 <TASK>
 ? memcpy_toio+0x76/0xc0
 ? memcpy_toio+0x1b/0xc0
 ? drm_fb_memcpy_toio+0x76/0xb0
 ? drm_fb_blit_toio+0x75/0x2b0
 ? simpledrm_simple_display_pipe_update+0x132/0x150
 ? drm_atomic_helper_commit_planes+0xb6/0x230
 ? drm_atomic_helper_commit_tail+0x44/0x80
 ? commit_tail+0xd7/0x130
 ? drm_atomic_helper_commit+0x126/0x150
 ? drm_atomic_commit+0xa4/0xe0
 ? drm_plane_get_damage_clips.cold+0x1c/0x1c
 ? drm_atomic_helper_dirtyfb+0x19e/0x280
 ? drm_mode_dirtyfb_ioctl+0x10f/0x1e0
 ? drm_mode_getfb2_ioctl+0x2d0/0x2d0
 ? drm_ioctl_kernel+0xc4/0x150
 ? drm_ioctl+0x246/0x3f0
 ? drm_mode_getfb2_ioctl+0x2d0/0x2d0
 ? __x64_sys_ioctl+0x91/0xd0
 ? do_syscall_64+0x60/0xd0
 ? entry_SYSCALL_64_after_hwframe+0x4b/0xb5
 </TASK>
The problem was added by commit 5e0137612430 ("video/aperture: Disable and unregister sysfb devices via aperture helpers") to v6.0.3 and does not exist in the mainline branch.
The mainline commit 5e0137612430 ("video/aperture: Disable and unregister sysfb devices via aperture helpers") has been backported from v6.0-rc1 to stable v6.0.3 from a larger patch series [2] that reworks fbdev framebuffer ownership. The backport misses a change to aperture_remove_conflicting_pci_devices(). Mainline itself is fine, because the function does not exist there as a result of the patch series.
Instead of backporting the whole series, fix the additional function.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50332.json",
"cna_assigner": "Linux"
}