| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022606-CVE-2022-49490-e38c@gregkh> Date: Wed, 26 Feb 2025 03:12:44 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49490: drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected Description =========== In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected mdp5_get_global_state runs the risk of hitting a -EDEADLK when acquiring the modeset lock, but currently mdp5_pipe_release doesn't check for if an error is returned. Because of this, there is a possibility of mdp5_pipe_release hitting a NULL dereference error. To avoid this, let's have mdp5_pipe_release check if mdp5_get_global_state returns an error and propogate that error. Changes since v1: - Separated declaration and initialization of *new_state to avoid compiler warning - Fixed some spelling mistakes in commit message Changes since v2: - Return 0 in case where hwpipe is NULL as this is considered normal behavior - Added 2nd patch in series to fix a similar NULL dereference issue in mdp5_mixer_release Patchwork: https://patchwork.freedesktop.org/patch/485179/ The Linux kernel CVE team has assigned CVE-2022-49490 to this issue. Affected and fixed versions =========================== Issue introduced in 4.18 with commit 7907a0d77cb461f58045763c205a5830be72e97c and fixed in 4.19.247 with commit 776f5c58bfe16cf322d71eeed3c5dda1eeac7e6b Issue introduced in 4.18 with commit 7907a0d77cb461f58045763c205a5830be72e97c and fixed in 5.4.198 with commit b2aa2c4efe93e2580d6a8774b04fe2b99756a322 Issue introduced in 4.18 with commit 7907a0d77cb461f58045763c205a5830be72e97c and fixed in 5.10.121 with commit 49dc28b4b2e28ef7564e355c91487996c1cbebd7 Issue introduced in 4.18 with commit 7907a0d77cb461f58045763c205a5830be72e97c and fixed in 5.15.46 with commit 04bef5f1ba8ea6d7c1c8f5f65e0395c62db59cb8 Issue introduced in 4.18 with commit 7907a0d77cb461f58045763c205a5830be72e97c and fixed in 5.17.14 with commit 19964dfb39bda4d7716a71009488f0668ecbcf52 Issue introduced in 4.18 with commit 7907a0d77cb461f58045763c205a5830be72e97c and fixed in 5.18.3 with commit 33dc5aac46e0fad8f5eb193e5906ed0eb6b66ceb Issue introduced in 4.18 with commit 7907a0d77cb461f58045763c205a5830be72e97c and fixed in 5.19 with commit d59be579fa932c46b908f37509f319cbd4ca9a68 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49490 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.h drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/776f5c58bfe16cf322d71eeed3c5dda1eeac7e6b https://git.kernel.org/stable/c/b2aa2c4efe93e2580d6a8774b04fe2b99756a322 https://git.kernel.org/stable/c/49dc28b4b2e28ef7564e355c91487996c1cbebd7 https://git.kernel.org/stable/c/04bef5f1ba8ea6d7c1c8f5f65e0395c62db59cb8 https://git.kernel.org/stable/c/19964dfb39bda4d7716a71009488f0668ecbcf52 https://git.kernel.org/stable/c/33dc5aac46e0fad8f5eb193e5906ed0eb6b66ceb https://git.kernel.org/stable/c/d59be579fa932c46b908f37509f319cbd4ca9a68
Powered by blists - more mailing lists