vulnerability

Debian: CVE-2022-49490: linux -- security update

Severity
5
CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:C)
Published
Feb 27, 2025
Added
Feb 27, 2025
Modified
Feb 28, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected

mdp5_get_global_state runs the risk of hitting a -EDEADLK when acquiring
the modeset lock, but currently mdp5_pipe_release doesn't check for if
an error is returned. Because of this, there is a possibility of
mdp5_pipe_release hitting a NULL dereference error.

To avoid this, let's have mdp5_pipe_release check if
mdp5_get_global_state returns an error and propogate that error.

Changes since v1:
- Separated declaration and initialization of *new_state to avoid
compiler warning
- Fixed some spelling mistakes in commit message

Changes since v2:
- Return 0 in case where hwpipe is NULL as this is considered normal
behavior
- Added 2nd patch in series to fix a similar NULL dereference issue in
mdp5_mixer_release

Patchwork: https://patchwork.freedesktop.org/patch/485179/

Solution

debian-upgrade-linux
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.