CVE-2022-49483 in Linux
Summary
by MITRE • 02/26/2025
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/disp/dpu1: avoid clearing hw interrupts if hw_intr is null during drm uninit
If edp modeset init fails because the panel is not ready and the probe defers during drm bind, avoid clearing irqs and dereferencing hw_intr when hw_intr is null.
BUG: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Call trace:
 dpu_core_irq_uninstall+0x50/0xb0
 dpu_irq_uninstall+0x18/0x24
 msm_drm_uninit+0xd8/0x16c
 msm_drm_bind+0x580/0x5fc
 try_to_bring_up_master+0x168/0x1c0
 __component_add+0xb4/0x178
 component_add+0x1c/0x28
 dp_display_probe+0x38c/0x400
 platform_probe+0xb0/0xd0
 really_probe+0xcc/0x2c8
 __driver_probe_device+0xbc/0xe8
 driver_probe_device+0x48/0xf0
 __device_attach_driver+0xa0/0xc8
 bus_for_each_drv+0x8c/0xd8
 __device_attach+0xc4/0x150
 device_initial_probe+0x1c/0x28
Changes in V2: - Update commit message and correct fixes tag.
Patchwork: https://patchwork.freedesktop.org/patch/484430/
Analysis
by VulDB Data Team • 02/26/2025
This vulnerability exists within the Linux kernel's display subsystem, specifically in the dpu1 driver component of the msm (Mobile Side Module) graphics framework. The issue manifests during drm (Direct Rendering Manager) uninitialization, when the driver tears down its hardware interrupt state. The vulnerability stems from a null pointer dereference that occurs on the error-handling path for a failed eDP (embedded display port) modeset initialization. When the panel is not ready during the drm binding process, the driver defers the probe, but the teardown that follows does not validate the interrupt handler reference before attempting to clear hardware interrupts.
The technical flaw is in the dpu_core_irq_uninstall function, which clears hardware interrupts without first verifying that the hw_intr pointer is valid. Because hw_intr is still null when eDP modeset initialization fails and the probe is deferred, the drm uninitialization path dereferences it and triggers a kernel oops or system crash. The call trace shows the execution flow from the display driver probe functions through the component binding mechanism to the final kernel NULL pointer dereference at virtual address zero. This is a classic null pointer dereference in kernel space and falls under CWE-476.
The operational impact goes beyond a single crash: the condition is a potential denial of service that can affect device boot or display functionality in mobile and embedded Linux systems. Attackers could potentially exploit this condition to cause system instability or force device reboots by triggering the specific error path involving eDP panel initialization failures. The vulnerability affects systems using the msm display driver framework and specifically impacts devices that utilize dpu1 hardware components for display processing. This issue directly relates to ATT&CK technique T1499.004, which involves system shutdown/reboot attacks through kernel-level modifications.
Mitigation strategies should focus on implementing proper null pointer validation before interrupt handler operations during drm uninitialization sequences. The patch addresses this by adding conditional checks to ensure hw_intr is not null before attempting to clear hardware interrupts. System administrators should ensure kernel updates are applied promptly to address this vulnerability, particularly in embedded systems where display functionality is critical. Additionally, monitoring for kernel oops messages related to display driver initialization failures can help identify systems potentially affected by this vulnerability. The fix represents a defensive programming approach that aligns with kernel security best practices and helps prevent unauthorized privilege escalation through kernel memory corruption attacks.
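The pre-fix and patched shapes of the teardown described above, as an added C model that is not the kernel's code: the structs, register count, helper names and return values are constructed for illustration, and only the early return on a null hw_intr mirrors the real fix.

```c
#include <stddef.h>

/* Constructed model of the teardown path; not the kernel's real structs. */
#define DPU_IRQ_REGS 4
struct dpu_hw_intr { unsigned irq_mask[DPU_IRQ_REGS]; }; /* enabled bits per reg */
struct dpu_kms { struct dpu_hw_intr *hw_intr; }; /* NULL if modeset init failed early */

/* Pre-fix shape: dereferences hw_intr unconditionally. With hw_intr == NULL
 * this is the NULL dereference at virtual address 0 from the report. */
static int dpu_core_irq_uninstall_unpatched(struct dpu_kms *kms)
{
    int cleared = 0;
    for (int i = 0; i < DPU_IRQ_REGS; i++) {
        if (kms->hw_intr->irq_mask[i]) {
            kms->hw_intr->irq_mask[i] = 0;
            cleared++;
        }
    }
    return cleared;
}

/* Patched shape: return before touching hardware state when hw_intr was never
 * set up. Returns registers cleared, or -1 when there was nothing to clear. */
static int dpu_core_irq_uninstall_patched(struct dpu_kms *kms)
{
    if (!kms->hw_intr)
        return -1;
    return dpu_core_irq_uninstall_unpatched(kms);
}

/* Failure path from the advisory: eDP modeset init failed, probe deferred,
 * msm_drm_uninit tears down with hw_intr still NULL. */
static int teardown_after_deferred_probe(void)
{
    struct dpu_kms kms = { .hw_intr = NULL };
    return dpu_core_irq_uninstall_patched(&kms);
}

/* Normal path: init completed, two registers have interrupts enabled. */
static int teardown_after_successful_init(void)
{
    struct dpu_hw_intr intr = { .irq_mask = { 0x1, 0, 0x80, 0 } };
    struct dpu_kms kms = { .hw_intr = &intr };
    int cleared = dpu_core_irq_uninstall_patched(&kms);
    for (int i = 0; i < DPU_IRQ_REGS; i++)
        if (intr.irq_mask[i])
            return -2;               /* a mask survived teardown */
    return cleared;
}
```

Calling dpu_core_irq_uninstall_unpatched on the deferred-probe state would fault exactly as the call trace shows; the patched variant returns -1 and leaves hardware untouched.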