| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025123028-CVE-2022-50786-0c33@gregkh> Date: Tue, 30 Dec 2025 13:03:29 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50786: media: s5p-mfc: Clear workbit to handle error condition From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: media: s5p-mfc: Clear workbit to handle error condition During error on CLOSE_INSTANCE command, ctx_work_bits was not getting cleared. During consequent mfc execution NULL pointer dereferencing of this context led to kernel panic. This patch fixes this issue by making sure to clear ctx_work_bits always. The Linux kernel CVE team has assigned CVE-2022-50786 to this issue. Affected and fixed versions =========================== Issue introduced in 3.16 with commit 818cd91ab8c6e42c2658c8e61f8462637c6f586b and fixed in 4.19.270 with commit 12242bd13ce68acd571b2cce6ab302e154e8a4ee Issue introduced in 3.16 with commit 818cd91ab8c6e42c2658c8e61f8462637c6f586b and fixed in 5.4.229 with commit 640075400c7c577b0f5369b935e22a588773fafa Issue introduced in 3.16 with commit 818cd91ab8c6e42c2658c8e61f8462637c6f586b and fixed in 5.10.163 with commit 8ff64edf9d16e8c277dcc8189794763624e6b4b8 Issue introduced in 3.16 with commit 818cd91ab8c6e42c2658c8e61f8462637c6f586b and fixed in 5.15.87 with commit ff27800c0a6d81571671b33f696109804d015409 Issue introduced in 3.16 with commit 818cd91ab8c6e42c2658c8e61f8462637c6f586b and fixed in 6.0.18 with commit 09c1fbbe532758e4046c20829f4c0c50b99332dc Issue introduced in 3.16 with commit 818cd91ab8c6e42c2658c8e61f8462637c6f586b and fixed in 6.1.4 with commit bd1b72f0c39a0d791a087b4e643701a48328ba8e Issue introduced in 3.16 with commit 818cd91ab8c6e42c2658c8e61f8462637c6f586b and fixed in 6.2 with commit d3f3c2fe54e30b0636496d842ffbb5ad3a547f9b Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50786 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/media/platform/samsung/s5p-mfc/s5p_mfc_ctrl.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/12242bd13ce68acd571b2cce6ab302e154e8a4ee https://git.kernel.org/stable/c/640075400c7c577b0f5369b935e22a588773fafa https://git.kernel.org/stable/c/8ff64edf9d16e8c277dcc8189794763624e6b4b8 https://git.kernel.org/stable/c/ff27800c0a6d81571671b33f696109804d015409 https://git.kernel.org/stable/c/09c1fbbe532758e4046c20829f4c0c50b99332dc https://git.kernel.org/stable/c/bd1b72f0c39a0d791a087b4e643701a48328ba8e https://git.kernel.org/stable/c/d3f3c2fe54e30b0636496d842ffbb5ad3a547f9b
Powered by blists - more mailing lists