Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() Calling v4l2_subdev_get_try_crop() and v4l2_subdev_get_try_compose() with a subdev state of NULL leads to a NULL pointer dereference. This can currently happen in imgu_subdev_set_selection() when the state passed in is NULL, as this method first gets pointers to both the "try" and "active" states and only then decides which to use. The same issue has been addressed for imgu_subdev_get_selection() with commit 30d03a0de650 ("ipu3-imgu: Fix NULL pointer dereference in active selection access"). However the issue still persists in imgu_subdev_set_selection(). Therefore, apply a similar fix as done in the aforementioned commit to imgu_subdev_set_selection(). To keep things a bit cleaner, introduce helper functions for "crop" and "compose" access and use them in both imgu_subdev_set_selection() and imgu_subdev_get_selection().
References
- https://git.kernel.org/stable/c/5038ee677606106c91564f9c4557d808d14bad70
- https://git.kernel.org/stable/c/611d617bdb6c5d636a9861ec1c98e813fc8a5556
- https://git.kernel.org/stable/c/dc608edf7d45ba0c2ad14c06eccd66474fec7847
- https://git.kernel.org/stable/c/fa6bbb4894b9b947063c6ff90018a954c5f9f4b3
FAQ
What is CVE-2022-50826?
CVE-2022-50826 is a documented vulnerability. In the Linux kernel, the following vulnerability has been resolved: ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() Calling v4l2_subdev_get_try_crop() and v4l2_subdev_get_try_...
How severe is CVE-2022-50826?
CVSS scoring is not yet available for CVE-2022-50826. Check NVD for updates.
Is there a patch for CVE-2022-50826?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.