CVE-2022-49221
drm/msm/dp: populate connector of struct dp_panel
Summary
Descriptions
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: populate connector of struct dp_panel DP CTS test case 4.2.2.6 has valid edid with bad checksum on purpose
and expect DP source return correct checksum. During drm edid read,
correct edid checksum is calculated and stored at
connector::real_edid_checksum. The problem is struct dp_panel::connector never be assigned, instead the
connector is stored in struct msm_dp::connector. When we run compliance
testing test case 4.2.2.6 dp_panel_handle_sink_request() won't have a valid
edid set in struct dp_panel::edid so we'll try to use the connectors
real_edid_checksum and hit a NULL pointer dereference error because the
connector pointer is never assigned. Changes in V2:
-- populate panel connector at msm_dp_modeset_init() instead of at dp_panel_read_sink_caps() Changes in V3:
-- remove unhelpful kernel crash trace commit text
-- remove renaming dp_display parameter to dp Changes in V4:
-- add more details to commit text Changes in v10:
-- group into one series Changes in v11:
-- drop drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read Signee-off-by: Kuogee Hsieh <quic_khsieh@quicinc.com>
CVSS Scores
SSVC
- Decision:-
Timeline
- 2025-02-26 CVE Reserved
- 2025-02-26 CVE Published
- 2025-02-26 CVE Updated
- ---------- EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
Threat Intelligence Resources (0)
| Select | Title | Date |
|---|
Select an advisory to view details here.
| Select | Title | Date |
|---|
Select an exploit to view details here.
References (9)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/f86bc4a1a401d3691bad41e67f9db0c2ea94da32 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/7948fe12d47a946fb8025a0534c900e3dd4b5839 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/ab1ccd1e2584b268784518f838f7cc72faec576b | Vuln. Introduced | |
| https://git.kernel.org/stable/c/08a96864a45b65ee406a344c78dd761b2fd66887 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.10.67 < 5.10.110 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.67 < 5.10.110" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15 < 5.15.33 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.15.33" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15 < 5.16.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.16.19" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15 < 5.17.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.17.2" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15 < 5.18 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.18" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.13.19 Search vendor "Linux" for product "Linux Kernel" and version "5.13.19" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.14.6 Search vendor "Linux" for product "Linux Kernel" and version "5.14.6" | en |
Affected
| ||||||