vulnerability
Ubuntu: (CVE-2022-49506): linux vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | Feb 26, 2025 | Mar 19, 2025 | Oct 23, 2025 |
Description
In the Linux kernel, the following vulnerability has been resolved:
drm/mediatek: Add vblank register/unregister callback functions
We encountered a kernel panic issue that callback data will be NULL when
it's using in ovl irq handler. There is a timing issue between
mtk_disp_ovl_irq_handler() and mtk_ovl_disable_vblank().
To resolve this issue, we use the flow to register/unregister vblank cb:
- Register callback function and callback data when crtc creates.
- Unregister callback function and callback data when crtc destroies.
With this solution, we can assure callback data will not be NULL when
vblank is disable.
Solutions
References
- CVE-2022-49506
- https://attackerkb.com/topics/CVE-2022-49506
- URL-https://git.kernel.org/linus/b74d921b900b6ce38c6247c0a1c86be9f3746493
- URL-https://git.kernel.org/stable/c/3a4027b5971fe2a94e32754f007d9d3c12c68ad1
- URL-https://git.kernel.org/stable/c/8a265d9838bc3c63579002d55c2b2c655c4f8f26
- URL-https://git.kernel.org/stable/c/8a2dbdeccef6de47565638abdf3c25f41cdffc37
- URL-https://git.kernel.org/stable/c/b74d921b900b6ce38c6247c0a1c86be9f3746493
- URL-https://www.cve.org/CVERecord?id=CVE-2022-49506
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.