CVE-2022-49218
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49218
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49218.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-49218
- Downstream
- Related
- Published
- 2025-02-26T01:55:51Z
- Modified
- 2025-10-21T09:15:23.146936Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- drm/dp: Fix OOB read when handling Post Cursor2 register
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
drm/dp: Fix OOB read when handling Post Cursor2 register
The link_status array was not large enough to read the Adjust Request Post Cursor2 register, so remove the common helper function to avoid an OOB read, found with a -Warray-bounds build:
drivers/gpu/drm/drmdphelper.c: In function 'drmdpgetadjustrequestpostcursor': drivers/gpu/drm/drmdphelper.c:59:27: error: array subscript 10 is outside array bounds of 'const u8[6]' {aka 'const unsigned char[6]'} [-Werror=array-bounds] 59 | return linkstatus[r - DPLANE01STATUS]; | ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~ drivers/gpu/drm/drmdphelper.c:147:51: note: while referencing 'linkstatus' 147 | u8 drmdpgetadjustrequestpostcursor(const u8 linkstatus[DPLINKSTATUS_SIZE], | ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace the only user of the helper with an open-coded fetch and decode, similar to drivers/gpu/drm/amd/display/dc/core/dclinkdp.c.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced79465e0ffeb9e4866939ea562bc55367be91e595Fixedaeaed9a9fe694f8b1462fb81e2d33298c929180b
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced79465e0ffeb9e4866939ea562bc55367be91e595Fixeda2151490cc6c57b368d7974ffd447a8b36ade639
Affected versions
v5.*
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.17.1
v5.4
v5.4-rc5
v5.4-rc6
v5.4-rc7
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8
Database specific
vanir_signatures
[
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"322943632534317403190138578919113694827",
"20265415735650630093314411376207788274",
"125076765100549579003174184335236294293",
"40984950416782258306830205120478918361",
"17134429834670281373374739990976691802"
]
},
"target": {
"file": "include/drm/dp/drm_dp_helper.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a2151490cc6c57b368d7974ffd447a8b36ade639",
"id": "CVE-2022-49218-150204a4",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"327555316306831752339771470460971206818",
"104445973822688090367882129117710789172",
"105492260051451420151189689223522245514",
"167446085021364225365689514021133702029",
"239320460223945237416640533079080633358",
"227424167268184495389953579981162349043",
"316719914813790846486952107925446522386",
"225025000493102017828138613771932785289"
]
},
"target": {
"file": "drivers/gpu/drm/tegra/dp.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aeaed9a9fe694f8b1462fb81e2d33298c929180b",
"id": "CVE-2022-49218-1a4d63db",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "23859534432638000231867200882996802307",
"length": 427.0
},
"target": {
"file": "drivers/gpu/drm/tegra/dp.c",
"function": "drm_dp_link_get_adjustments"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a2151490cc6c57b368d7974ffd447a8b36ade639",
"id": "CVE-2022-49218-38a60e94",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"322943632534317403190138578919113694827",
"20265415735650630093314411376207788274",
"125076765100549579003174184335236294293",
"40984950416782258306830205120478918361",
"17134429834670281373374739990976691802"
]
},
"target": {
"file": "include/drm/drm_dp_helper.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aeaed9a9fe694f8b1462fb81e2d33298c929180b",
"id": "CVE-2022-49218-3964ea93",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "267565969848097785453285262222317374674",
"length": 221.0
},
"target": {
"file": "drivers/gpu/drm/drm_dp_helper.c",
"function": "drm_dp_get_adjust_request_post_cursor"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aeaed9a9fe694f8b1462fb81e2d33298c929180b",
"id": "CVE-2022-49218-6fb93c10",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"193810020535488083761325679827304409353",
"54168534926532141768717034958073160408",
"112599301804565950542521532706154284021",
"178421538789700209027669205016614168689",
"66020445504571683634394048472816006924",
"128495272890173158236004714989260857266",
"78573380885230251864291346679167059845",
"182906525179890504368042597147321115290",
"260140034265228802014883175038690560130",
"297121755630739477727560571886283233868",
"318691705072771582091772557625531341774"
]
},
"target": {
"file": "drivers/gpu/drm/dp/drm_dp.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a2151490cc6c57b368d7974ffd447a8b36ade639",
"id": "CVE-2022-49218-993d6dc3",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "23859534432638000231867200882996802307",
"length": 427.0
},
"target": {
"file": "drivers/gpu/drm/tegra/dp.c",
"function": "drm_dp_link_get_adjustments"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aeaed9a9fe694f8b1462fb81e2d33298c929180b",
"id": "CVE-2022-49218-a3e7e343",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"193810020535488083761325679827304409353",
"54168534926532141768717034958073160408",
"112599301804565950542521532706154284021",
"178421538789700209027669205016614168689",
"66020445504571683634394048472816006924",
"128495272890173158236004714989260857266",
"78573380885230251864291346679167059845",
"182906525179890504368042597147321115290",
"260140034265228802014883175038690560130",
"297121755630739477727560571886283233868",
"318691705072771582091772557625531341774"
]
},
"target": {
"file": "drivers/gpu/drm/drm_dp_helper.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aeaed9a9fe694f8b1462fb81e2d33298c929180b",
"id": "CVE-2022-49218-b4994f21",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "267565969848097785453285262222317374674",
"length": 221.0
},
"target": {
"file": "drivers/gpu/drm/dp/drm_dp.c",
"function": "drm_dp_get_adjust_request_post_cursor"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a2151490cc6c57b368d7974ffd447a8b36ade639",
"id": "CVE-2022-49218-b665b0c3",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"327555316306831752339771470460971206818",
"104445973822688090367882129117710789172",
"105492260051451420151189689223522245514",
"167446085021364225365689514021133702029",
"239320460223945237416640533079080633358",
"227424167268184495389953579981162349043",
"316719914813790846486952107925446522386",
"225025000493102017828138613771932785289"
]
},
"target": {
"file": "drivers/gpu/drm/tegra/dp.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a2151490cc6c57b368d7974ffd447a8b36ade639",
"id": "CVE-2022-49218-b75c3471",
"deprecated": false,
"signature_version": "v1"
}
]