CVE-2022-49532

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49532
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49532.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-49532
Related
Published
2025-02-26T07:01:29Z
Modified
2025-03-10T22:53:03.677984Z
Downstream
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/virtio: fix NULL pointer dereference in virtiogpuconngetmodes

drmcvtmode may return NULL and we should check it.

This bug is found by syzkaller:

FAULTINJECTION stacktrace: [ 168.567394] FAULTINJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 1 [ 168.567403] CPU: 1 PID: 6425 Comm: syz Kdump: loaded Not tainted 4.19.90-vhulk2201.1.0.h1035.kasan.eulerosv2r10.aarch64 #1 [ 168.567406] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015 [ 168.567408] Call trace: [ 168.567414] dumpbacktrace+0x0/0x310 [ 168.567418] showstack+0x28/0x38 [ 168.567423] dumpstack+0xec/0x15c [ 168.567427] shouldfail+0x3ac/0x3d0 [ 168.567437] _shouldfailslab+0xb8/0x120 [ 168.567441] shouldfailslab+0x28/0xc0 [ 168.567445] kmemcachealloctrace+0x50/0x640 [ 168.567454] drmmodecreate+0x40/0x90 [ 168.567458] drmcvtmode+0x48/0xc78 [ 168.567477] virtiogpuconngetmodes+0xa8/0x140 [virtiogpu] [ 168.567485] drmhelperprobesingleconnectormodes+0x3a4/0xd80 [ 168.567492] drmmodegetconnector+0x2e0/0xa70 [ 168.567496] drmioctlkernel+0x11c/0x1d8 [ 168.567514] drmioctl+0x558/0x6d0 [ 168.567522] dovfsioctl+0x160/0xf30 [ 168.567525] ksysioctl+0x98/0xd8 [ 168.567530] _arm64sysioctl+0x50/0xc8 [ 168.567536] el0svccommon+0xc8/0x320 [ 168.567540] el0svchandler+0xf8/0x160 [ 168.567544] el0svc+0x10/0x218

KASAN stacktrace: [ 168.567561] BUG: KASAN: null-ptr-deref in virtiogpuconngetmodes+0xb4/0x140 [virtiogpu] [ 168.567565] Read of size 4 at addr 0000000000000054 by task syz/6425 [ 168.567566] [ 168.567571] CPU: 1 PID: 6425 Comm: syz Kdump: loaded Not tainted 4.19.90-vhulk2201.1.0.h1035.kasan.eulerosv2r10.aarch64 #1 [ 168.567573] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015 [ 168.567575] Call trace: [ 168.567578] dumpbacktrace+0x0/0x310 [ 168.567582] showstack+0x28/0x38 [ 168.567586] dumpstack+0xec/0x15c [ 168.567591] kasanreport+0x244/0x2f0 [ 168.567594] _asanload4+0x58/0xb0 [ 168.567607] virtiogpuconngetmodes+0xb4/0x140 [virtiogpu] [ 168.567612] drmhelperprobesingleconnectormodes+0x3a4/0xd80 [ 168.567617] drmmodegetconnector+0x2e0/0xa70 [ 168.567621] drmioctlkernel+0x11c/0x1d8 [ 168.567624] drmioctl+0x558/0x6d0 [ 168.567628] dovfsioctl+0x160/0xf30 [ 168.567632] ksysioctl+0x98/0xd8 [ 168.567636] _arm64sysioctl+0x50/0xc8 [ 168.567641] el0svccommon+0xc8/0x320 [ 168.567645] el0svchandler+0xf8/0x160 [ 168.567649] el0_svc+0x10/0x218

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.127-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.18.5-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.18.5-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}