| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024062007-CVE-2022-48756-fc26@gregkh>
Date: Thu, 20 Jun 2024 13:16:36 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2022-48756: drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
The function performs a check on the "phy" input parameter, however, it
is used before the check.
Initialize the "dev" variable after the sanity check to avoid a possible
NULL pointer dereference.
Addresses-Coverity-ID: 1493860 ("Null pointer dereference")
The Linux kernel CVE team has assigned CVE-2022-48756 to this issue.
Affected and fixed versions
===========================
Issue introduced in 4.3 with commit 5c8290284402 and fixed in 4.14.265 with commit 6d9f8ba28f37
Issue introduced in 4.3 with commit 5c8290284402 and fixed in 4.19.228 with commit ca63eeb70fcb
Issue introduced in 4.3 with commit 5c8290284402 and fixed in 5.4.176 with commit 581317b1f001
Issue introduced in 4.3 with commit 5c8290284402 and fixed in 5.10.96 with commit 79c0b5287ded
Issue introduced in 4.3 with commit 5c8290284402 and fixed in 5.15.19 with commit 56480fb10b97
Issue introduced in 4.3 with commit 5c8290284402 and fixed in 5.16.5 with commit 2b7e7df1eacd
Issue introduced in 4.3 with commit 5c8290284402 and fixed in 5.17 with commit 5e761a228723
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2022-48756
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/gpu/drm/msm/dsi/phy/dsi_phy.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/6d9f8ba28f3747ca0f910a363e46f1114856dbbe
https://git.kernel.org/stable/c/ca63eeb70fcb53c42e1fe54e1735a54d8e7759fd
https://git.kernel.org/stable/c/581317b1f001b7509041544d7019b75571daa100
https://git.kernel.org/stable/c/79c0b5287ded74f4eacde4dfd8aa0a76cbd853b5
https://git.kernel.org/stable/c/56480fb10b976581a363fd168dc2e4fbee87a1a7
https://git.kernel.org/stable/c/2b7e7df1eacd280e561ede3e977853606871c951
https://git.kernel.org/stable/c/5e761a2287234bc402ba7ef07129f5103bcd775c
Powered by blists - more mailing lists