What is the severity of CVE-2022-49221?

CVE-2022-49221 has been classified with a severity rating that indicates it poses a significant risk to the affected Linux kernel versions.

Which versions of the Linux kernel are affected by CVE-2022-49221?

CVE-2022-49221 affects Linux kernel versions from 5.10.67 to 5.10.110, 5.13.19 to 5.14, 5.14.6 to 5.15.33, 5.16 to 5.16.19, and 5.17 to 5.17.2.

How do I fix CVE-2022-49221?

To fix CVE-2022-49221, upgrade the Linux kernel to a version that is not vulnerable, such as those released after the patches for this vulnerability.

What type of vulnerability is CVE-2022-49221?

CVE-2022-49221 is a vulnerability related to incorrect checksum processing in the display driver for certain configurations in the Linux kernel.

What impact does CVE-2022-49221 have on systems?

CVE-2022-49221 could lead to improper handling of DisplayPort communication which may allow for information disclosure or other security risks.

Vulnerability/
CVE-2022-49221

medium

5.5

CWE

476

26/2/2025

18/3/2025

CVE-2022-49221: drm/msm/dp: populate connector of struct dp_panel

First published: Wed Feb 26 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: populate connector of struct dp_panel DP CTS test case 4.2.2.6 has valid edid with bad checksum on purpose and expect DP source return correct checksum. During drm edid read, correct edid checksum is calculated and stored at connector::real_edid_checksum. The problem is struct dp_panel::connector never be assigned, instead the connector is stored in struct msm_dp::connector. When we run compliance testing test case 4.2.2.6 dp_panel_handle_sink_request() won't have a valid edid set in struct dp_panel::edid so we'll try to use the connectors real_edid_checksum and hit a NULL pointer dereference error because the connector pointer is never assigned. Changes in V2: -- populate panel connector at msm_dp_modeset_init() instead of at dp_panel_read_sink_caps() Changes in V3: -- remove unhelpful kernel crash trace commit text -- remove renaming dp_display parameter to dp Changes in V4: -- add more details to commit text Changes in v10: -- group into one series Changes in v11: -- drop drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read Signee-off-by: Kuogee Hsieh <quic_khsieh@quicinc.com>

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel
Linux Kernel	>=5.10.67<5.10.110
Linux Kernel	>=5.13.19<5.14
Linux Kernel	>=5.14.6<5.15.33
Linux Kernel	>=5.16<5.16.19
Linux Kernel	>=5.17<5.17.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-49221?
CVE-2022-49221 has been classified with a severity rating that indicates it poses a significant risk to the affected Linux kernel versions.
Which versions of the Linux kernel are affected by CVE-2022-49221?
CVE-2022-49221 affects Linux kernel versions from 5.10.67 to 5.10.110, 5.13.19 to 5.14, 5.14.6 to 5.15.33, 5.16 to 5.16.19, and 5.17 to 5.17.2.
How do I fix CVE-2022-49221?
To fix CVE-2022-49221, upgrade the Linux kernel to a version that is not vulnerable, such as those released after the patches for this vulnerability.
What type of vulnerability is CVE-2022-49221?
CVE-2022-49221 is a vulnerability related to incorrect checksum processing in the display driver for certain configurations in the Linux kernel.
What impact does CVE-2022-49221 have on systems?
CVE-2022-49221 could lead to improper handling of DisplayPort communication which may allow for information disclosure or other security risks.

collector/mitre-cve
source/MITRE
agent/first-publish-date
agent/type
agent/title
agent/weakness
agent/author
agent/references
agent/source
agent/description
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/severity
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/event
agent/tags
agent/guess-ai
agent/software-canonical-lookup-request
vendor/linux
canonical/linux kernel
version/linux kernel/5.10.67
version/linux kernel/5.13.19
version/linux kernel/5.14.6
version/linux kernel/5.16
version/linux kernel/5.17

Frequently Asked Questions

What is the severity of CVE-2022-49221?
CVE-2022-49221 has been classified with a severity rating that indicates it poses a significant risk to the affected Linux kernel versions.
Which versions of the Linux kernel are affected by CVE-2022-49221?
CVE-2022-49221 affects Linux kernel versions from 5.10.67 to 5.10.110, 5.13.19 to 5.14, 5.14.6 to 5.15.33, 5.16 to 5.16.19, and 5.17 to 5.17.2.
How do I fix CVE-2022-49221?
To fix CVE-2022-49221, upgrade the Linux kernel to a version that is not vulnerable, such as those released after the patches for this vulnerability.
What type of vulnerability is CVE-2022-49221?
CVE-2022-49221 is a vulnerability related to incorrect checksum processing in the display driver for certain configurations in the Linux kernel.
What impact does CVE-2022-49221 have on systems?
CVE-2022-49221 could lead to improper handling of DisplayPort communication which may allow for information disclosure or other security risks.

CVE-2022-49221: drm/msm/dp: populate connector of struct dp_panel

Remedy

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-49221?

Which versions of the Linux kernel are affected by CVE-2022-49221?

How do I fix CVE-2022-49221?

What type of vulnerability is CVE-2022-49221?

What impact does CVE-2022-49221 have on systems?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2022-49221?

Which versions of the Linux kernel are affected by CVE-2022-49221?

How do I fix CVE-2022-49221?

What type of vulnerability is CVE-2022-49221?

What impact does CVE-2022-49221 have on systems?