CVE-2022-49496

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-49496
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49496.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-49496
Downstream
Published
2025-02-26T02:13:31.528Z
Modified
2026-04-02T08:27:38.837672Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
media: mediatek: vcodec: prevent kernel crash when rmmod mtk-vcodec-dec.ko
Details

In the Linux kernel, the following vulnerability has been resolved:

media: mediatek: vcodec: prevent kernel crash when rmmod mtk-vcodec-dec.ko

If the driver support subdev mode, the parameter "dev->pm.dev" will be NULL in mtkvcodecdec_remove. Kernel will crash when try to rmmod mtk-vcodec-dec.ko.

[ 4380.702726] pc : dorawspintrylock+0x4/0x80 [ 4380.707075] lr : rawspinlockirq+0x90/0x14c [ 4380.711509] sp : ffff80000819bc10 [ 4380.714811] x29: ffff80000819bc10 x28: ffff3600c03e4000 x27: 0000000000000000 [ 4380.721934] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000 [ 4380.729057] x23: ffff3600c0f34930 x22: ffffd5e923549000 x21: 0000000000000220 [ 4380.736179] x20: 0000000000000208 x19: ffffd5e9213e8ebc x18: 0000000000000020 [ 4380.743298] x17: 0000002000000000 x16: ffffd5e9213e8e90 x15: 696c346f65646976 [ 4380.750420] x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000040 [ 4380.757542] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 [ 4380.764664] x8 : 0000000000000000 x7 : ffff3600c7273ae8 x6 : ffffd5e9213e8ebc [ 4380.771786] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000 [ 4380.778908] x2 : 0000000000000000 x1 : ffff3600c03e4000 x0 : 0000000000000208 [ 4380.786031] Call trace: [ 4380.788465] dorawspintrylock+0x4/0x80 [ 4380.792462] __pmruntimedisable+0x2c/0x1b0 [ 4380.796723] mtkvcodecdecremove+0x5c/0xa0 [mtkvcodecdec] [ 4380.802466] platformremove+0x2c/0x60 [ 4380.806204] __devicereleasedriver+0x194/0x250 [ 4380.810810] driverdetach+0xc8/0x15c [ 4380.814462] busremovedriver+0x5c/0xb0 [ 4380.818375] driverunregister+0x34/0x64 [ 4380.822288] platformdriverunregister+0x18/0x24 [ 4380.826979] mtkvcodecdecdriverexit+0x1c/0x888 [mtkvcodecdec] [ 4380.833240] __arm64sysdeletemodule+0x190/0x224 [ 4380.838020] invokesyscall+0x48/0x114 [ 4380.841760] el0svccommon.constprop.0+0x60/0x11c [ 4380.846540] doel0svc+0x28/0x90 [ 4380.849844] el0svc+0x4c/0x100 [ 4380.852975] el0t64synchandler+0xec/0xf0 [ 4380.857148] el0t64sync+0x190/0x194 [ 4380.860801] Code: 94431515 17ffffca d503201f d503245f (b9400004)

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49496.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
590577a4e5257ac3ed72999a94666ad6ba8f24bc
Fixed
1fa37b00dc55a061a3eb82e378849862b4aeca9d
Fixed
c10c0086db688c95bb4e0e378e523818dff1551d

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49496.json"