CVE-2022-48843 in Linux
Summary
by MITRE • 07/16/2024
In the Linux kernel, the following vulnerability has been resolved:
drm/vrr: Set VRR capable prop only if it is attached to connector
VRR capable property is not attached by default to the connector. It is attached only if VRR is supported. So if the driver tries to call drm core set prop function without it being attached, that causes NULL dereference.
Analysis
by VulDB Data Team • 12/29/2025
The vulnerability resides in the Linux kernel's display subsystem, within the Direct Rendering Manager (DRM) component, and specifically affects variable refresh rate (VRR) functionality. The issue manifests when the kernel attempts to set the VRR capable property on a display connector without first verifying that the property has been attached to that connector. The root cause is improper validation logic: drivers assume the VRR capable property is always available for set operations, which leads to a NULL pointer dereference.
The technical flaw occurs in the drm/vrr subsystem where the VRR capable property undergoes conditional attachment based on hardware support detection. When a driver invokes the drm core set property function, it attempts to operate on a property that may not have been initialized or attached to the connector structure. This creates a scenario where subsequent dereference operations fail catastrophically due to accessing null memory addresses, resulting in system crashes or potential privilege escalation opportunities depending on the execution context.
This vulnerability impacts the operational stability of graphics subsystems by introducing potential denial of service conditions during display configuration operations. The null pointer dereference represents a critical failure point that can occur when drivers attempt to configure variable refresh rate capabilities on display connectors, particularly affecting systems with mixed hardware configurations where some displays support VRR while others do not. The issue demonstrates poor defensive programming practices in kernel space code where proper null checks and state validation are missing before property manipulation operations.
The operational impact extends beyond simple system crashes to potentially affect graphics rendering pipelines and display management functionality across various Linux distributions using affected kernel versions. Attackers could potentially exploit this vulnerability through malicious drivers or by manipulating display configuration parameters to trigger the NULL pointer dereference, though the direct exploitation vector remains limited due to the kernel space context required for triggering the flaw.
Mitigation strategies should focus on implementing proper validation checks before property operations, ensuring that all DRM core functions validate property attachment status before attempting manipulation. The fix involves modifying driver code to verify property existence and attachment status before invoking DRM core set property functions, in line with secure coding practices recommended by industry standards, including CWE-476, which addresses NULL pointer dereference vulnerabilities. Additionally, proper error handling and state validation would prevent drivers from attempting operations on unattached properties, reducing the risk of system instability and of the exploitation scenarios that could arise from this class of vulnerability.
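The condition and the guard described above, as a user-space C model added here for illustration; it is not the kernel patch or code from this page. The names `struct connector`, `core_set_value` and `set_vrr_capable` are hypothetical stand-ins for the DRM connector, the core set property function and the guarded setter.

```c
/* User-space model constructed for illustration; not kernel code. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct prop { uint64_t max; };             /* largest value the property accepts */
struct connector {                         /* simplified stand-in for a DRM connector */
    const struct prop *props[4];           /* properties attached to this connector */
    uint64_t values[4];
    size_t count;
    const struct prop *vrr_capable;        /* stays NULL unless VRR is supported */
};
static const struct prop vrr_prop = { 1 }; /* boolean property */

/* Attach the property only when the hardware supports VRR. */
static void connector_init(struct connector *c, int hw_supports_vrr)
{
    *c = (struct connector){ 0 };
    if (!hw_supports_vrr) return;
    c->vrr_capable = &vrr_prop;
    c->props[c->count++] = &vrr_prop;
}

/* Model of a core setter that trusts its caller: p == NULL faults at p->max. */
static int core_set_value(struct connector *c, const struct prop *p, uint64_t v)
{
    if (v > p->max) return -EINVAL;
    for (size_t i = 0; i < c->count; i++)
        if (c->props[i] == p) { c->values[i] = v; return 0; }
    return -ENOENT;                        /* valid property, not attached here */
}

/* Guarded setter: do nothing on connectors that never got the property. */
static int set_vrr_capable(struct connector *c, int capable)
{
    if (!c->vrr_capable)
        return -ENOENT;
    return core_set_value(c, c->vrr_capable, capable ? 1 : 0);
}

int main(void)
{
    struct connector vrr_panel, plain_panel;   /* mixed hardware */
    connector_init(&vrr_panel, 1);
    connector_init(&plain_panel, 0);
    printf("VRR: %d, plain: %d\n", set_vrr_capable(&vrr_panel, 1), set_vrr_capable(&plain_panel, 1));
    return 0;
}
```

Passing `plain_panel.vrr_capable` straight to `core_set_value` without the guard reproduces the unguarded pattern: the pointer is NULL and the first access to `p->max` faults.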