- Vulnerability/
- CVE-2022-49490
CVE-2022-49490: drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected
First published: Wed Feb 26 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected mdp5_get_global_state runs the risk of hitting a -EDEADLK when acquiring the modeset lock, but currently mdp5_pipe_release doesn't check for if an error is returned. Because of this, there is a possibility of mdp5_pipe_release hitting a NULL dereference error. To avoid this, let's have mdp5_pipe_release check if mdp5_get_global_state returns an error and propogate that error. Changes since v1: - Separated declaration and initialization of *new_state to avoid compiler warning - Fixed some spelling mistakes in commit message Changes since v2: - Return 0 in case where hwpipe is NULL as this is considered normal behavior - Added 2nd patch in series to fix a similar NULL dereference issue in mdp5_mixer_release Patchwork: https://patchwork.freedesktop.org/patch/485179/
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/776f5c58bfe16cf322d71eeed3c5dda1eeac7e6b
- https://git.kernel.org/stable/c/b2aa2c4efe93e2580d6a8774b04fe2b99756a322
- https://git.kernel.org/stable/c/49dc28b4b2e28ef7564e355c91487996c1cbebd7
- https://git.kernel.org/stable/c/04bef5f1ba8ea6d7c1c8f5f65e0395c62db59cb8
- https://git.kernel.org/stable/c/19964dfb39bda4d7716a71009488f0668ecbcf52
- https://git.kernel.org/stable/c/33dc5aac46e0fad8f5eb193e5906ed0eb6b66ceb
- https://git.kernel.org/stable/c/d59be579fa932c46b908f37509f319cbd4ca9a68
Frequently Asked Questions
What is the severity of CVE-2022-49490?
CVE-2022-49490 has a medium severity rating due to the potential for deadlock situations in the Linux kernel.
How do I fix CVE-2022-49490?
To fix CVE-2022-49490, update to the latest stable version of the Linux kernel where the vulnerability has been resolved.
What systems are affected by CVE-2022-49490?
CVE-2022-49490 affects the Linux kernel, particularly in environments using the drm/msm/mdp5 video subsystem.
What are the implications of CVE-2022-49490?
The implications of CVE-2022-49490 include potential system deadlock, which may affect system stability.
Has CVE-2022-49490 been resolved?
Yes, CVE-2022-49490 has been resolved in subsequent updates to the Linux kernel.
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/first-publish-date
- agent/type
- agent/references
- agent/title
- agent/author
- agent/source
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/the linux foundation
- canonical/linux kernel