CVE-2022-49232

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() In amdgpu_dm_connector_add_common_modes(), amdgpu_dm_create_common_mode() is assigned to mode and is passed to drm_mode_probed_add() directly after that. drm_mode_probed_add() passes &mode->head to list_add_tail(), and there is a dereference of it in list_add_tail() without recoveries, which could lead to NULL pointer dereference on failure of amdgpu_dm_create_common_mode(). Fix this by adding a NULL check of mode. This bug was found by a static analyzer. Builds with 'make allyesconfig' show no new warnings, and our static analyzer no longer warns about this code.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/19a7eba284790cfbba2945deb2363cf03ce41648	Patch
https://git.kernel.org/stable/c/2c729dec8c1e3e2892fde5ce8181553860914e74	Patch
https://git.kernel.org/stable/c/57f4ad5e286fe4599c8fc63cf89f85f9eec7f9c9	Patch
https://git.kernel.org/stable/c/588a70177df3b1777484267584ef38ab2ca899a2	Patch
https://git.kernel.org/stable/c/639b3b9def0a6a3f316a195d705d14113236e89c	Patch
https://git.kernel.org/stable/c/bdc7429708a0772d90c208975694f7c2133b1202	Patch
https://git.kernel.org/stable/c/f4eaa999fec78dec2a9c2d797438e05cbffb125b	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

18 Mar 2025, 19:26

Type	Values Removed	Values Added
CWE		CWE-476
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Corrige una desreferencia de puntero NULL en amdgpu_dm_connector_add_common_modes() En amdgpu_dm_connector_add_common_modes(), amdgpu_dm_create_common_mode() se asigna a mode y se pasa a drm_mode_probed_add() directamente después de eso. drm_mode_probed_add() pasa &mode->head a list_add_tail(), y hay una desreferencia de este en list_add_tail() sin recuperaciones, lo que podría provocar una desreferencia de puntero NULL en caso de fallo de amdgpu_dm_create_common_mode(). Corrige esto agregando una comprobación NULL de mode. Este error fue encontrado por un analizador estático. Las compilaciones con 'make allyesconfig' no muestran nuevas advertencias y nuestro analizador estático ya no advierte sobre este código.
First Time		Linux linux Kernel Linux
References	~~() https://git.kernel.org/stable/c/19a7eba284790cfbba2945deb2363cf03ce41648 -~~	() https://git.kernel.org/stable/c/19a7eba284790cfbba2945deb2363cf03ce41648 - Patch
References	~~() https://git.kernel.org/stable/c/2c729dec8c1e3e2892fde5ce8181553860914e74 -~~	() https://git.kernel.org/stable/c/2c729dec8c1e3e2892fde5ce8181553860914e74 - Patch
References	~~() https://git.kernel.org/stable/c/57f4ad5e286fe4599c8fc63cf89f85f9eec7f9c9 -~~	() https://git.kernel.org/stable/c/57f4ad5e286fe4599c8fc63cf89f85f9eec7f9c9 - Patch
References	~~() https://git.kernel.org/stable/c/588a70177df3b1777484267584ef38ab2ca899a2 -~~	() https://git.kernel.org/stable/c/588a70177df3b1777484267584ef38ab2ca899a2 - Patch
References	~~() https://git.kernel.org/stable/c/639b3b9def0a6a3f316a195d705d14113236e89c -~~	() https://git.kernel.org/stable/c/639b3b9def0a6a3f316a195d705d14113236e89c - Patch
References	~~() https://git.kernel.org/stable/c/bdc7429708a0772d90c208975694f7c2133b1202 -~~	() https://git.kernel.org/stable/c/bdc7429708a0772d90c208975694f7c2133b1202 - Patch
References	~~() https://git.kernel.org/stable/c/f4eaa999fec78dec2a9c2d797438e05cbffb125b -~~	() https://git.kernel.org/stable/c/f4eaa999fec78dec2a9c2d797438e05cbffb125b - Patch
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel::::::::

26 Feb 2025, 07:01

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-26 07:01

Updated : 2025-03-18 19:26

NVD link : CVE-2022-49232

Mitre link : CVE-2022-49232

CVE.ORG link : CVE-2022-49232

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10