| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022608-CVE-2022-49506-2808@gregkh> Date: Wed, 26 Feb 2025 03:13:00 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49506: drm/mediatek: Add vblank register/unregister callback functions Description =========== In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add vblank register/unregister callback functions We encountered a kernel panic issue that callback data will be NULL when it's using in ovl irq handler. There is a timing issue between mtk_disp_ovl_irq_handler() and mtk_ovl_disable_vblank(). To resolve this issue, we use the flow to register/unregister vblank cb: - Register callback function and callback data when crtc creates. - Unregister callback function and callback data when crtc destroies. With this solution, we can assure callback data will not be NULL when vblank is disable. The Linux kernel CVE team has assigned CVE-2022-49506 to this issue. Affected and fixed versions =========================== Issue introduced in 5.12 with commit 9b0704988b151824a51133dc4c921f4273c5d839 and fixed in 5.15.54 with commit 8a2dbdeccef6de47565638abdf3c25f41cdffc37 Issue introduced in 5.12 with commit 9b0704988b151824a51133dc4c921f4273c5d839 and fixed in 5.17.14 with commit 8a265d9838bc3c63579002d55c2b2c655c4f8f26 Issue introduced in 5.12 with commit 9b0704988b151824a51133dc4c921f4273c5d839 and fixed in 5.18.3 with commit 3a4027b5971fe2a94e32754f007d9d3c12c68ad1 Issue introduced in 5.12 with commit 9b0704988b151824a51133dc4c921f4273c5d839 and fixed in 5.19 with commit b74d921b900b6ce38c6247c0a1c86be9f3746493 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49506 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/mediatek/mtk_disp_drv.h drivers/gpu/drm/mediatek/mtk_disp_ovl.c drivers/gpu/drm/mediatek/mtk_disp_rdma.c drivers/gpu/drm/mediatek/mtk_drm_crtc.c drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.c drivers/gpu/drm/mediatek/mtk_drm_ddp_comp.h Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/8a2dbdeccef6de47565638abdf3c25f41cdffc37 https://git.kernel.org/stable/c/8a265d9838bc3c63579002d55c2b2c655c4f8f26 https://git.kernel.org/stable/c/3a4027b5971fe2a94e32754f007d9d3c12c68ad1 https://git.kernel.org/stable/c/b74d921b900b6ce38c6247c0a1c86be9f3746493
Powered by blists - more mailing lists