DEBIAN-CVE-2022-50826
- Source
- https://security-tracker.debian.org/tracker/CVE-2022-50826
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50826.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2022-50826
- Upstream
- Published
- 2025-12-30T13:15:57.063Z
- Modified
- 2025-12-31T11:10:01.690424Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: ipu3-imgu: Fix NULL pointer dereference in imgusubdevsetselection() Calling v4l2subdevgettrycrop() and v4l2subdevgettrycompose() with a subdev state of NULL leads to a NULL pointer dereference. This can currently happen in imgusubdevsetselection() when the state passed in is NULL, as this method first gets pointers to both the "try" and "active" states and only then decides which to use. The same issue has been addressed for imgusubdevgetselection() with commit 30d03a0de650 ("ipu3-imgu: Fix NULL pointer dereference in active selection access"). However the issue still persists in imgusubdevsetselection(). Therefore, apply a similar fix as done in the aforementioned commit to imgusubdevsetselection(). To keep things a bit cleaner, introduce helper functions for "crop" and "compose" access and use them in both imgusubdevsetselection() and imgusubdevget_selection().
- References
Affected packages
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source