CVE-2022-49506

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add vblank register/unregister callback functions We encountered a kernel panic issue that callback data will be NULL when it's using in ovl irq handler. There is a timing issue between mtk_disp_ovl_irq_handler() and mtk_ovl_disable_vblank(). To resolve this issue, we use the flow to register/unregister vblank cb: - Register callback function and callback data when crtc creates. - Unregister callback function and callback data when crtc destroies. With this solution, we can assure callback data will not be NULL when vblank is disable.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/3a4027b5971fe2a94e32754f007d9d3c12c68ad1	Patch
https://git.kernel.org/stable/c/8a265d9838bc3c63579002d55c2b2c655c4f8f26	Patch
https://git.kernel.org/stable/c/8a2dbdeccef6de47565638abdf3c25f41cdffc37	Patch
https://git.kernel.org/stable/c/b74d921b900b6ce38c6247c0a1c86be9f3746493	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2025-02-26 07:01

Updated : 2025-10-21 12:09

NVD link : CVE-2022-49506

Mitre link : CVE-2022-49506

CVE.ORG link : CVE-2022-49506

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-49506", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-02-26T07:01:26.737", "references": [{"url": "https://git.kernel.org/stable/c/3a4027b5971fe2a94e32754f007d9d3c12c68ad1", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8a265d9838bc3c63579002d55c2b2c655c4f8f26", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8a2dbdeccef6de47565638abdf3c25f41cdffc37", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b74d921b900b6ce38c6247c0a1c86be9f3746493", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Add vblank register/unregister callback functions\n\nWe encountered a kernel panic issue that callback data will be NULL when\nit's using in ovl irq handler. There is a timing issue between\nmtk_disp_ovl_irq_handler() and mtk_ovl_disable_vblank().\n\nTo resolve this issue, we use the flow to register/unregister vblank cb:\n- Register callback function and callback data when crtc creates.\n- Unregister callback function and callback data when crtc destroies.\n\nWith this solution, we can assure callback data will not be NULL when\nvblank is disable."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/mediatek: Agregar funciones de devoluci\u00f3n de llamada de registro/cancelaci\u00f3n de vblank Encontramos un problema de p\u00e1nico del kernel que indicaba que los datos de devoluci\u00f3n de llamada ser\u00edan NULL cuando se usaban en el controlador de irq de ovl. Hay un problema de sincronizaci\u00f3n entre mtk_disp_ovl_irq_handler() y mtk_ovl_disable_vblank(). Para resolver este problema, usamos el flujo para registrar/cancelar el cb de vblank: - Registrar la funci\u00f3n de devoluci\u00f3n de llamada y los datos de devoluci\u00f3n de llamada cuando se crea crtc. - Cancelar la funci\u00f3n de devoluci\u00f3n de llamada y los datos de devoluci\u00f3n de llamada cuando se destruye crtc. Con esta soluci\u00f3n, podemos asegurar que los datos de devoluci\u00f3n de llamada no ser\u00edan NULL cuando se deshabilita vblank."}], "lastModified": "2025-10-21T12:09:15.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA8346B0-71FD-40BD-9BBC-1173FD7AF6C0", "versionEndExcluding": "5.15.54", "versionStartIncluding": "5.12"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15E2DD33-2255-4B76-9C15-04FF8CBAB252", "versionEndExcluding": "5.17.14", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E122216-2E9E-4B3E-B7B8-D575A45BA3C2", "versionEndExcluding": "5.18.3", "versionStartIncluding": "5.18"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}