Linux Kernel up to 5.10.109/5.15.32/5.16.18/5.17.1 dp_panel_handle_sink_request dp_display null pointer dereference
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.0 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Linux Kernel up to 5.10.109/5.15.32/5.16.18/5.17.1. It has been classified as critical. The affected element is the function dp_panel_handle_sink_request. Performing a manipulation of the argument dp_display results in null pointer dereference.
This vulnerability is known as CVE-2022-49221. No exploit is available.
Upgrading the affected component is recommended.
Details
A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.10.109/5.15.32/5.16.18/5.17.1. This affects the function dp_panel_handle_sink_request. The manipulation of the argument dp_display with an unknown input leads to a null pointer dereference vulnerability. CWE is classifying the issue as CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. This is going to have an impact on availability. The summary by CVE is:
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: populate connector of struct dp_panel DP CTS test case 4.2.2.6 has valid edid with bad checksum on purpose and expect DP source return correct checksum. During drm edid read, correct edid checksum is calculated and stored at connector::real_edid_checksum. The problem is struct dp_panel::connector never be assigned, instead the connector is stored in struct msm_dp::connector. When we run compliance testing test case 4.2.2.6 dp_panel_handle_sink_request() won't have a valid edid set in struct dp_panel::edid so we'll try to use the connectors real_edid_checksum and hit a NULL pointer dereference error because the connector pointer is never assigned. Changes in V2: -- populate panel connector at msm_dp_modeset_init() instead of at dp_panel_read_sink_caps() Changes in V3: -- remove unhelpful kernel crash trace commit text -- remove renaming dp_display parameter to dp Changes in V4: -- add more details to commit text Changes in v10: -- group into one series Changes in v11: -- drop drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read Signee-off-by: Kuogee Hsieh
It is possible to read the advisory at git.kernel.org. This vulnerability is uniquely identified as CVE-2022-49221 since 02/26/2025. The exploitability is told to be difficult. Technical details of the vulnerability are known, but there is no available exploit.
Upgrading to version 5.10.110, 5.15.33, 5.16.19 or 5.17.2 eliminates this vulnerability. Applying the patch 413c62697b61226a236c8b1f5cd64dcf42bcc12f/9525b8bcae8b99188990b56484799cf4b1b43786/fbba600f432a360b42452fee79d1fb35d3aa8aeb/104074ebc0c3f358dd1ee944fbcde92c6e5a21dd/5e602f5156910c7b19661699896cb6e3fb94fab9 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
Version
- 5.10.109
- 5.15.0
- 5.15.1
- 5.15.2
- 5.15.3
- 5.15.4
- 5.15.5
- 5.15.6
- 5.15.7
- 5.15.8
- 5.15.9
- 5.15.10
- 5.15.11
- 5.15.12
- 5.15.13
- 5.15.14
- 5.15.15
- 5.15.16
- 5.15.17
- 5.15.18
- 5.15.19
- 5.15.20
- 5.15.21
- 5.15.22
- 5.15.23
- 5.15.24
- 5.15.25
- 5.15.26
- 5.15.27
- 5.15.28
- 5.15.29
- 5.15.30
- 5.15.31
- 5.15.32
- 5.16.0
- 5.16.1
- 5.16.2
- 5.16.3
- 5.16.4
- 5.16.5
- 5.16.6
- 5.16.7
- 5.16.8
- 5.16.9
- 5.16.10
- 5.16.11
- 5.16.12
- 5.16.13
- 5.16.14
- 5.16.15
- 5.16.16
- 5.16.17
- 5.16.18
- 5.17.0
- 5.17.1
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.1VulDB Meta Temp Score: 5.0
VulDB Base Score: 4.8
VulDB Temp Score: 4.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 5.5
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Null pointer dereferenceCWE: CWE-476 / CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Kernel 5.10.110/5.15.33/5.16.19/5.17.2
Patch: 413c62697b61226a236c8b1f5cd64dcf42bcc12f/9525b8bcae8b99188990b56484799cf4b1b43786/fbba600f432a360b42452fee79d1fb35d3aa8aeb/104074ebc0c3f358dd1ee944fbcde92c6e5a21dd/5e602f5156910c7b19661699896cb6e3fb94fab9
Timeline
02/26/2025 🔍02/26/2025 🔍
02/26/2025 🔍
03/19/2025 🔍
Sources
Vendor: kernel.orgAdvisory: git.kernel.org
Status: Confirmed
CVE: CVE-2022-49221 (🔍)
GCVE (CVE): GCVE-0-2022-49221
GCVE (VulDB): GCVE-100-297435
Entry
Created: 02/26/2025 11:36Updated: 03/19/2025 05:27
Changes: 02/26/2025 11:36 (59), 03/19/2025 05:27 (12)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.