CVE-2022-50317
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-50317
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50317.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-50317
- Downstream
- Published
- 2025-09-15T15:15:43Z
- Modified
- 2025-09-15T21:00:21Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
drm/bridge: megachips: Fix a null pointer dereference bug
When removing the module we will get the following warning:
[ 31.911505] i2c-core: driver [stdp2690-ge-b850v3-fw] unregistered [ 31.912484] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI [ 31.913338] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 31.915280] RIP: 0010:drmbridgeremove+0x97/0x130 [ 31.921825] Call Trace: [ 31.922533] stdp4028geb850v3fwremove+0x34/0x60 [megachipsstdpxxxxgeb850v3fw] [ 31.923139] i2cdeviceremove+0x181/0x1f0
The two bridges (stdp2690, stdp4028) do not probe at the same time, so the driver does not call geb850v3resgiter() when probing, causing the driver to try to remove the object that has not been initialized.
Fix this by checking whether both the bridges are probed.
- References
-
- https://git.kernel.org/stable/c/1daf69228e310938177119c4eadcd30fc75c81e0
- https://git.kernel.org/stable/c/1ff673333d46d2c1b053ebd0c1c7c7c79e36943e
- https://git.kernel.org/stable/c/21764467ab396d9f08921e0a5ffa1214244e1ad9
- https://git.kernel.org/stable/c/4610e7a4111fa3f3ce27c09d6d94008c55f1cd31
- https://git.kernel.org/stable/c/5bc20bafcd87ba0858ab772cefc7047cb51bc249
- https://git.kernel.org/stable/c/7371fad5cfe6eada6bb5523c895fd6074b15c2b9
- https://git.kernel.org/stable/c/877e92e9b1bdeb580b31a46061005936be902cd4
- https://git.kernel.org/stable/c/aaa512ad1e59f2edf8a9e4f2b167a44b24670679