Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix bridge lifetime Device-managed resources allocated post component bind must be tied to the lifetime of the aggregate DRM device or they will not necessarily be released when binding of the aggregate device is deferred. This can lead resource leaks or failure to bind the aggregate device when binding is later retried and a second attempt to allocate the resources is made. For the DP bridges, previously allocated bridges will leak on probe deferral. Fix this by amending the DP parser interface and tying the lifetime of the bridge device to the DRM device rather than DP platform device. Patchwork: https://patchwork.freedesktop.org/patch/502667/
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.19, < 6.0.7 |
References
- https://git.kernel.org/stable/c/16194958f888d63839042d1190f7001e5ddec47bPatch
- https://git.kernel.org/stable/c/7eda6977e8058dd45607a5bbc6517a0f42ccd6c9Patch
FAQ
What is CVE-2022-50292?
CVE-2022-50292 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix bridge lifetime Device-managed resources allocated post component bind must be tied to the lifetime of the aggrega...
How severe is CVE-2022-50292?
CVE-2022-50292 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-50292?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.