CVE-2022-50317

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: megachips: Fix a null pointer dereference bug When removing the module we will get the following warning: [ 31.911505] i2c-core: driver [stdp2690-ge-b850v3-fw] unregistered [ 31.912484] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI [ 31.913338] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 31.915280] RIP: 0010:drm_bridge_remove+0x97/0x130 [ 31.921825] Call Trace: [ 31.922533] stdp4028_ge_b850v3_fw_remove+0x34/0x60 [megachips_stdpxxxx_ge_b850v3_fw] [ 31.923139] i2c_device_remove+0x181/0x1f0 The two bridges (stdp2690, stdp4028) do not probe at the same time, so the driver does not call ge_b850v3_resgiter() when probing, causing the driver to try to remove the object that has not been initialized. Fix this by checking whether both the bridges are probed.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• https://git.kernel.org/stable/c/1daf69228e310938177119c4eadcd30fc75c81e0Patch
• https://git.kernel.org/stable/c/1ff673333d46d2c1b053ebd0c1c7c7c79e36943ePatch
• https://git.kernel.org/stable/c/21764467ab396d9f08921e0a5ffa1214244e1ad9Patch
• https://git.kernel.org/stable/c/4610e7a4111fa3f3ce27c09d6d94008c55f1cd31Patch
• https://git.kernel.org/stable/c/5bc20bafcd87ba0858ab772cefc7047cb51bc249Patch
• https://git.kernel.org/stable/c/7371fad5cfe6eada6bb5523c895fd6074b15c2b9Patch
• https://git.kernel.org/stable/c/877e92e9b1bdeb580b31a46061005936be902cd4Patch
• https://git.kernel.org/stable/c/aaa512ad1e59f2edf8a9e4f2b167a44b24670679Patch