CVE-2022-50841 in Linuxالمعلومات

الملخص

بحسب VulDB • 21/06/2026

Based on the kernel oops trace provided, here is an analysis of the crash.

### **Summary** The kernel has crashed in the function **`mi_enum_attr`** with a **NULL pointer dereference** (or invalid pointer dereference). The crash occurs while the kernel is trying to access memory at address `0xffff956a83c76067`, which is an invalid user/kernel space address (likely a corrupted pointer or a dereference of a NULL/invalid struct member).

---

### **Key Details from the Trace**

1. **Crash Location**: ``` RIP: 0010:mi_enum_attr+0x44/0x110 ``` - The crash happened in the function `mi_enum_attr` at offset `0x44`. - This function is part of the **Intel Media Driver** (`i915`/`media` subsystem), specifically related to **Media Interface (MI) attribute enumeration**. This is commonly associated with **Intel QuickSync Video** or **VAAPI** hardware acceleration.

2. **Faulting Address**: ``` CR2: ff956a83c76067 ``` - `CR2` holds the linear address that caused the page fault. - The address `0xffff956a83c76067` is **not a valid kernel address** in most configurations. It looks like a corrupted pointer (possibly a NULL pointer that was offset incorrectly, or a use-after-free scenario).

3. **Register State**: ``` RAX: ff956a83c76067 ``` - `RAX` contains the same invalid address as `CR2`, confirming that the CPU tried to dereference `RAX` (or a value derived from it) and failed.

4. **Call Context**: - The function `mi_enum_attr` is likely being called from a sysfs, debugfs, or ioctl path where the kernel is enumerating media attributes for a device. - The presence of `Modules linked in:` suggests this is a loadable kernel module (likely `i915` or `media` driver).

---

### **Likely Cause** This is a **kernel bug** in the Intel Media Driver (`i915` or `media` subsystem). Possible root causes include:

1. **NULL Pointer Dereference**: - The code in `mi_enum_attr` is trying to access a member of a struct that is NULL. - Example: `struct->member` where `struct` is NULL.

2. **Use-After-Free**: - The pointer being dereferenced was freed earlier, and the memory has been reused or corrupted.

3. **Race Condition**: - A concurrent operation modified or freed the data structure while `mi_enum_attr` was accessing it.

4. **Corrupted Pointer**: - The pointer value itself is garbage (e.g., due to stack corruption or integer overflow).

---

### **How to Debug Further**

1. **Check Kernel Version**: - Identify your kernel version (`uname -r`). This bug may have been fixed in a newer kernel. - Search for bugs in the Linux kernel bugzilla or Intel graphics mailing lists with keywords: `mi_enum_attr`, `i915`, `media`, `NULL pointer dereference`.

2. **Reproduce the Crash**: - What were you doing when the crash occurred? - Running a video playback application (e.g., VLC, MPV)? - Using `vainfo` or `intel_gpu_top`? - Accessing `/sys/class/drm/` or `/dev/dri/` devices? - Try to reproduce the crash in a controlled environment.

3. **Enable Debug Symbols**: - If you have debug symbols for the `i915` module, you can get a more detailed backtrace: ```bash sudo dmesg | grep -A 50 "mi_enum_attr" ``` - Look for the full call trace above the `RIP` line (which was truncated in your log).

4. **Check for Known Fixes**: - This issue may be related to recent changes in the Intel media driver. Check for patches in the `linux-media` or `drm-intel` trees.

---

### **Workaround** If this crash is preventing system stability:

1. **Disable Intel Media Driver**: - Blacklist the `i915` module or disable hardware acceleration in your applications. - Add `i915.disable_vdpau=

VulDB is the best source for vulnerability data and more expert information about this specific topic.

مسؤول

Linux

حجز

30/12/2025

إفشاء

30/12/2025

الاعتدال

تمت الموافقة

إدخال

VDB-338882

EPSS

0.00217

KEV

لا

النشاطات

منخفض جدًا

المصادر

Do you need the next level of professionalism?

Upgrade your account now!