5.5

CVE-2022-50317

EPSS 0.02%
Veröffentlicht 15.09.2025 14:48:50
Zuletzt bearbeitet 04.12.2025 15:19:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

drm/bridge: megachips: Fix a null pointer dereference bug

In the Linux kernel, the following vulnerability has been resolved:

drm/bridge: megachips: Fix a null pointer dereference bug

When removing the module we will get the following warning:

[   31.911505] i2c-core: driver [stdp2690-ge-b850v3-fw] unregistered
[   31.912484] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI
[   31.913338] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[   31.915280] RIP: 0010:drm_bridge_remove+0x97/0x130
[   31.921825] Call Trace:
[   31.922533]  stdp4028_ge_b850v3_fw_remove+0x34/0x60 [megachips_stdpxxxx_ge_b850v3_fw]
[   31.923139]  i2c_device_remove+0x181/0x1f0

The two bridges (stdp2690, stdp4028) do not probe at the same time, so
the driver does not call ge_b850v3_resgiter() when probing, causing the
driver to try to remove the object that has not been initialized.

Fix this by checking whether both the bridges are probed.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

NVD 7 VulnDex Vulnerability Enrichment 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.14.263 < 4.14.296

Linux ≫ Linux Kernel Version >= 4.19.226 < 4.19.262

Linux ≫ Linux Kernel Version >= 5.4.174 < 5.4.220

Linux ≫ Linux Kernel Version >= 5.10.94 < 5.10.150

Linux ≫ Linux Kernel Version >= 5.15.17 < 5.15.75

Linux ≫ Linux Kernel Version >= 5.16.3 < 5.19.17

Linux ≫ Linux Kernel Version >= 6.0 < 6.0.3

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.041

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/aaa512ad1e59f2edf8a9e4f2b167a44b24670679

Patch

https://git.kernel.org/stable/c/5bc20bafcd87ba0858ab772cefc7047cb51bc249

Patch

https://git.kernel.org/stable/c/1daf69228e310938177119c4eadcd30fc75c81e0

Patch

https://git.kernel.org/stable/c/877e92e9b1bdeb580b31a46061005936be902cd4

Patch

https://git.kernel.org/stable/c/4610e7a4111fa3f3ce27c09d6d94008c55f1cd31

Patch

https://git.kernel.org/stable/c/21764467ab396d9f08921e0a5ffa1214244e1ad9

Patch

https://git.kernel.org/stable/c/7371fad5cfe6eada6bb5523c895fd6074b15c2b9

Patch

https://git.kernel.org/stable/c/1ff673333d46d2c1b053ebd0c1c7c7c79e36943e

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-50317

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50317

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50317

EUVD