CVE-2022-49247 in Linux

Summary

by MITRE • 02/26/2025

In the Linux kernel, the following vulnerability has been resolved:

media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED

If the callback 'start_streaming' fails, then all queued buffers in the driver should be returned with state 'VB2_BUF_STATE_QUEUED'. Currently, they are returned with 'VB2_BUF_STATE_ERROR' which is wrong. Fix this. This also fixes the warning:

[ 65.583633] WARNING: CPU: 5 PID: 593 at drivers/media/common/videobuf2/videobuf2-core.c:1612 vb2_start_streaming+0xd4/0x160 [videobuf2_common]
[ 65.585027] Modules linked in: snd_usb_audio snd_hwdep snd_usbmidi_lib snd_rawmidi snd_soc_hdmi_codec dw_hdmi_i2s_audio saa7115 stk1160 videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_common videodev mc crct10dif_ce panfrost snd_soc_simple_card snd_soc_audio_graph_card snd_soc_spdif_tx snd_soc_simple_card_utils gpu_sched phy_rockchip_pcie snd_soc_rockchip_i2s rockchipdrm analogix_dp dw_mipi_dsi dw_hdmi cec drm_kms_helper drm rtc_rk808 rockchip_saradc industrialio_triggered_buffer kfifo_buf rockchip_thermal pcie_rockchip_host ip_tables x_tables ipv6
[ 65.589383] CPU: 5 PID: 593 Comm: v4l2src0:src Tainted: G W 5.16.0-rc4-62408-g32447129cb30-dirty #14
[ 65.590293] Hardware name: Radxa ROCK Pi 4B (DT)
[ 65.590696] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 65.591304] pc : vb2_start_streaming+0xd4/0x160 [videobuf2_common]
[ 65.591850] lr : vb2_start_streaming+0x6c/0x160 [videobuf2_common]
[ 65.592395] sp : ffff800012bc3ad0
[ 65.592685] x29: ffff800012bc3ad0 x28: 0000000000000000 x27: ffff800012bc3cd8
[ 65.593312] x26: 0000000000000000 x25: ffff00000d8a7800 x24: 0000000040045612
[ 65.593938] x23: ffff800011323000 x22: ffff800012bc3cd8 x21: ffff00000908a8b0
[ 65.594562] x20: ffff00000908a8c8 x19: 00000000fffffff4 x18: ffffffffffffffff
[ 65.595188] x17: 000000040044ffff x16: 00400034b5503510 x15: ffff800011323f78
[ 65.595813] x14: ffff000013163886 x13: ffff000013163885 x12: 00000000000002ce
[ 65.596439] x11: 0000000000000028 x10: 0000000000000001 x9 : 0000000000000228
[ 65.597064] x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff726c5e78
[ 65.597690] x5 : ffff800012bc3990 x4 : 0000000000000000 x3 : ffff000009a34880
[ 65.598315] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000007cd99f0
[ 65.598940] Call trace:
[ 65.599155] vb2_start_streaming+0xd4/0x160 [videobuf2_common]
[ 65.599672] vb2_core_streamon+0x17c/0x1a8 [videobuf2_common]
[ 65.600179] vb2_streamon+0x54/0x88 [videobuf2_v4l2]
[ 65.600619] vb2_ioctl_streamon+0x54/0x60 [videobuf2_v4l2]
[ 65.601103] v4l_streamon+0x3c/0x50 [videodev]
[ 65.601521] __video_do_ioctl+0x1a4/0x428 [videodev]
[ 65.601977] video_usercopy+0x320/0x828 [videodev]
[ 65.602419] video_ioctl2+0x3c/0x58 [videodev]
[ 65.602830] v4l2_ioctl+0x60/0x90 [videodev]
[ 65.603227] __arm64_sys_ioctl+0xa8/0xe0
[ 65.603576] invoke_syscall+0x54/0x118
[ 65.603911] el0_svc_common.constprop.3+0x84/0x100
[ 65.604332] do_el0_svc+0x34/0xa0
[ 65.604625] el0_svc+0x1c/0x50
[ 65.604897] el0t_64_sync_handler+0x88/0xb0
[ 65.605264] el0t_64_sync+0x16c/0x170
[ 65.605587] ---[ end trace 578e0ba07742170d ]---


Analysis

by VulDB Data Team • 10/21/2025

The vulnerability CVE-2022-49247 resides within the Linux kernel's media subsystem, specifically affecting the stk1160 driver used for USB video capture devices. This flaw manifests when the driver's start_streaming callback function fails during video streaming initialization. The issue stems from incorrect buffer state management where queued buffers are erroneously marked with VB2_BUF_STATE_ERROR instead of the correct VB2_BUF_STATE_QUEUED state. This misclassification leads to improper buffer handling and generates kernel warnings that can disrupt system stability and video capture operations.

The technical implementation of this vulnerability involves the videobuf2 framework, which manages video buffer queues in the Linux kernel. When start_streaming fails, the driver must return every queued buffer in the VB2_BUF_STATE_QUEUED state, indicating that the buffer was never processed and remains available for a later streaming attempt. The buggy implementation instead transitions these buffers to VB2_BUF_STATE_ERROR, which signals a buffer that completed with an error and causes downstream components to mishandle its state. The videobuf2 core detects the mismatch: vb2_start_streaming in videobuf2-core.c (line 1612 in the traced kernel) checks the queue state after a failed start_streaming and emits the kernel warning shown above, whose call stack runs from vb2_start_streaming through vb2_core_streamon up to the user-space ioctl call.

The operational impact of this vulnerability extends beyond simple warning messages to potentially destabilize video capture applications and streaming services. Systems utilizing the stk1160 driver, particularly those in embedded platforms like the Radxa ROCK Pi 4B, may experience inconsistent video streaming behavior, buffer starvation, or application crashes when streaming operations fail. The improper buffer state management can also interfere with proper resource cleanup and recovery mechanisms, leading to potential memory leaks or resource exhaustion in long-running video capture scenarios. This vulnerability particularly affects multimedia applications that rely on the V4L2 (Video for Linux 2) framework for camera and video device control, making it relevant to a wide range of embedded systems, digital signage, and IoT devices.

Mitigation strategies for CVE-2022-49247 focus on applying the kernel patch that corrects the buffer state transition logic in the stk1160 driver. System administrators should ensure their Linux kernel installations are updated to versions containing the fix, typically those incorporating the patch that properly handles the VB2_BUF_STATE_QUEUED return for buffers when start_streaming fails. Organizations deploying affected hardware should monitor for kernel updates and apply them promptly, particularly in production environments where video capture reliability is critical. Additionally, implementing proper error handling in applications that use the affected drivers can help detect and recover from such buffer state inconsistencies, though the primary fix must occur at the kernel level. This vulnerability aligns with CWE-252, which addresses "Unchecked Return Value" in security contexts, and may be relevant to ATT&CK techniques involving privilege escalation or system stability compromise through kernel-level flaws.
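To make the contract stated in the commit message concrete, here is an added userspace model of how videobuf2 treats buffers a driver hands back from a failed start_streaming(). It is example code written for this page, not kernel code and not the stk1160 driver's own code: the model_* names, the counters and the four-buffer queue are assumptions made for the illustration, chosen to mirror the behaviour the commit message describes. The buggy callback returns its buffers as VB2_BUF_STATE_ERROR, which places them on the done list and trips the post-failure check; the fixed callback returns them as VB2_BUF_STATE_QUEUED, leaving the queue clean for a retry.

```c
/*
 * Userspace model of the videobuf2 rule the stk1160 fix restores: when
 * start_streaming() fails, every buffer the driver was handed must come
 * back via vb2_buffer_done() in VB2_BUF_STATE_QUEUED, not ERROR.
 * Added example, not kernel code. The model_* names, the counters and the
 * fixed buffer count are assumptions for this illustration; they mirror
 * the behaviour described in the commit message, not the real vb2 API.
 */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

enum vb2_buf_state { VB2_BUF_STATE_QUEUED, VB2_BUF_STATE_DONE, VB2_BUF_STATE_ERROR };

/* Outcome of the post-failure sanity checks (the conditions the core warns on). */
enum model_result {
    MODEL_OK = 0,              /* all buffers back on the queue, nothing leaked */
    MODEL_DRIVER_KEPT_BUFFERS, /* owned_by_drv_count still non-zero */
    MODEL_DONE_LIST_NOT_EMPTY  /* buffers handed to userspace despite the failure */
};

#define NBUFS 4  /* constructed: number of buffers queued before STREAMON */

struct model_buffer {
    enum vb2_buf_state state;
    bool on_done_list;  /* would be returned to userspace by VIDIOC_DQBUF */
};

struct model_queue {
    struct model_buffer bufs[NBUFS];
    int owned_by_drv_count;  /* buffers currently handed to the driver */
    int done_count;          /* length of the done list */
};

typedef int (*start_streaming_fn)(struct model_queue *q);

/* Model of vb2_buffer_done(): the driver gives one buffer back to the core.
 * QUEUED means "untouched, put it back on the queue"; DONE or ERROR means
 * "processed, let userspace dequeue it". */
static void model_buffer_done(struct model_queue *q, struct model_buffer *vb,
                              enum vb2_buf_state state)
{
    vb->state = state;
    q->owned_by_drv_count--;
    if (state != VB2_BUF_STATE_QUEUED) {
        vb->on_done_list = true;
        q->done_count++;
    }
}

/* Driver callback modelled on the pre-fix behaviour: setup fails and the
 * driver returns its buffers as ERROR, as if they had been processed. */
static int buggy_start_streaming(struct model_queue *q)
{
    for (int i = 0; i < NBUFS; i++)
        model_buffer_done(q, &q->bufs[i], VB2_BUF_STATE_ERROR);
    return -EIO;
}

/* Driver callback modelled on the fixed behaviour: same failure, but the
 * buffers go back as QUEUED so they remain available for the next attempt. */
static int fixed_start_streaming(struct model_queue *q)
{
    for (int i = 0; i < NBUFS; i++)
        model_buffer_done(q, &q->bufs[i], VB2_BUF_STATE_QUEUED);
    return -EIO;
}

/* Model of vb2_start_streaming(): hand all queued buffers to the driver, call
 * its callback, and on failure apply the two checks the core enforces: the
 * driver must own no buffers, and the done list must be empty. */
static enum model_result model_start_streaming(start_streaming_fn start)
{
    struct model_queue q = { .owned_by_drv_count = NBUFS };
    for (int i = 0; i < NBUFS; i++)
        q.bufs[i].state = VB2_BUF_STATE_QUEUED;

    int ret = start(&q);
    if (ret == 0)
        return MODEL_OK;

    if (q.owned_by_drv_count != 0)
        return MODEL_DRIVER_KEPT_BUFFERS;  /* driver did not clean up at all */
    if (q.done_count != 0)
        return MODEL_DONE_LIST_NOT_EMPTY;  /* ERROR/DONE used instead of QUEUED */
    return MODEL_OK;
}

int main(void)
{
    printf("buggy driver: result %d (clean queue would be %d)\n",
           model_start_streaming(buggy_start_streaming), MODEL_OK);
    printf("fixed driver: result %d (clean queue would be %d)\n",
           model_start_streaming(fixed_start_streaming), MODEL_OK);
    return 0;
}
```

Build and run with `cc -std=c99 -Wall model.c -o model && ./model`. The buggy path reports MODEL_DONE_LIST_NOT_EMPTY because the ERROR-state buffers land on the done list, which is the condition behind the warning quoted in the summary; the fixed path reports MODEL_OK with all four buffers back on the queue.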

Responsible

Linux

Reservation

02/26/2025

Disclosure

02/26/2025

Moderation

accepted

CPE

ready

EPSS

0.00247

KEV

no

Activities

very low
