CVE-2022-48634
Vulnerability from cvelistv5
Published: 2024-04-28 12:59
Modified: 2024-11-04 12:13
Summary
drm/gma500: Fix BUG: sleeping function called from invalid context errors
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2022-48634", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-16T20:42:08.256561Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-30T15:32:26.128Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-03T15:17:55.501Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c5812807e416618477d1bb0049727ce8bb8292fd" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e5ae504c8623476e13032670f1a6d6344d53ec9b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a6ed7624bf4d0a32f2631e74828bca7b7bf15afd" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/63e37a79f7bd939314997e29c2f5a9f0ef184281" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/gma500/gma_display.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "c5812807e416", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": 
"e5ae504c8623", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "a6ed7624bf4d", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "63e37a79f7bd", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/gma500/gma_display.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.146", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.71", "versionType": "semver" }, { "lessThanOrEqual": "5.19.*", "status": "unaffected", "version": "5.19.12", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.0", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: Fix BUG: sleeping function called from invalid context errors\n\ngma_crtc_page_flip() was holding the event_lock spinlock while calling\ncrtc_funcs-\u003emode_set_base() which takes ww_mutex.\n\nThe only reason to hold event_lock is to clear gma_crtc-\u003epage_flip_event\non mode_set_base() errors.\n\nInstead unlock it after setting gma_crtc-\u003epage_flip_event and on\nerrors re-take the lock and clear gma_crtc-\u003epage_flip_event it\nit is still set.\n\nThis fixes the following WARN/stacktrace:\n\n[ 512.122953] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:870\n[ 512.123004] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 1253, name: gnome-shell\n[ 512.123031] preempt_count: 1, expected: 0\n[ 512.123048] RCU nest depth: 0, expected: 0\n[ 512.123066] INFO: lockdep is turned off.\n[ 512.123080] irq event stamp: 0\n[ 512.123094] hardirqs last enabled at (0): 
[\u003c0000000000000000\u003e] 0x0\n[ 512.123134] hardirqs last disabled at (0): [\u003cffffffff8d0ec28c\u003e] copy_process+0x9fc/0x1de0\n[ 512.123176] softirqs last enabled at (0): [\u003cffffffff8d0ec28c\u003e] copy_process+0x9fc/0x1de0\n[ 512.123207] softirqs last disabled at (0): [\u003c0000000000000000\u003e] 0x0\n[ 512.123233] Preemption disabled at:\n[ 512.123241] [\u003c0000000000000000\u003e] 0x0\n[ 512.123275] CPU: 3 PID: 1253 Comm: gnome-shell Tainted: G W 5.19.0+ #1\n[ 512.123304] Hardware name: Packard Bell dot s/SJE01_CT, BIOS V1.10 07/23/2013\n[ 512.123323] Call Trace:\n[ 512.123346] \u003cTASK\u003e\n[ 512.123370] dump_stack_lvl+0x5b/0x77\n[ 512.123412] __might_resched.cold+0xff/0x13a\n[ 512.123458] ww_mutex_lock+0x1e/0xa0\n[ 512.123495] psb_gem_pin+0x2c/0x150 [gma500_gfx]\n[ 512.123601] gma_pipe_set_base+0x76/0x240 [gma500_gfx]\n[ 512.123708] gma_crtc_page_flip+0x95/0x130 [gma500_gfx]\n[ 512.123808] drm_mode_page_flip_ioctl+0x57d/0x5d0\n[ 512.123897] ? drm_mode_cursor2_ioctl+0x10/0x10\n[ 512.123936] drm_ioctl_kernel+0xa1/0x150\n[ 512.123984] drm_ioctl+0x21f/0x420\n[ 512.124025] ? drm_mode_cursor2_ioctl+0x10/0x10\n[ 512.124070] ? rcu_read_lock_bh_held+0xb/0x60\n[ 512.124104] ? lock_release+0x1ef/0x2d0\n[ 512.124161] __x64_sys_ioctl+0x8d/0xd0\n[ 512.124203] do_syscall_64+0x58/0x80\n[ 512.124239] ? do_syscall_64+0x67/0x80\n[ 512.124267] ? trace_hardirqs_on_prepare+0x55/0xe0\n[ 512.124300] ? do_syscall_64+0x67/0x80\n[ 512.124340] ? 
rcu_read_lock_sched_held+0x10/0x80\n[ 512.124377] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[ 512.124411] RIP: 0033:0x7fcc4a70740f\n[ 512.124442] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 \u003c89\u003e c2 3d 00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00 00\n[ 512.124470] RSP: 002b:00007ffda73f5390 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n[ 512.124503] RAX: ffffffffffffffda RBX: 000055cc9e474500 RCX: 00007fcc4a70740f\n[ 512.124524] RDX: 00007ffda73f5420 RSI: 00000000c01864b0 RDI: 0000000000000009\n[ 512.124544] RBP: 00007ffda73f5420 R08: 000055cc9c0b0cb0 R09: 0000000000000034\n[ 512.124564] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000c01864b0\n[ 512.124584] R13: 0000000000000009 R14: 000055cc9df484d0 R15: 000055cc9af5d0c0\n[ 512.124647] \u003c/TASK\u003e" } ], "providerMetadata": { "dateUpdated": "2024-11-04T12:13:40.071Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/c5812807e416618477d1bb0049727ce8bb8292fd" }, { "url": "https://git.kernel.org/stable/c/e5ae504c8623476e13032670f1a6d6344d53ec9b" }, { "url": "https://git.kernel.org/stable/c/a6ed7624bf4d0a32f2631e74828bca7b7bf15afd" }, { "url": "https://git.kernel.org/stable/c/63e37a79f7bd939314997e29c2f5a9f0ef184281" } ], "title": "drm/gma500: Fix BUG: sleeping function called from invalid context errors", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2022-48634", "datePublished": "2024-04-28T12:59:19.749Z", "dateReserved": "2024-02-25T13:44:28.315Z", "dateUpdated": "2024-11-04T12:13:40.071Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": 
"{\"cve\":{\"id\":\"CVE-2022-48634\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-04-28T13:15:06.617\",\"lastModified\":\"2024-10-30T16:35:02.927\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ndrm/gma500: Fix BUG: sleeping function called from invalid context errors\\n\\ngma_crtc_page_flip() was holding the event_lock spinlock while calling\\ncrtc_funcs-\u003emode_set_base() which takes ww_mutex.\\n\\nThe only reason to hold event_lock is to clear gma_crtc-\u003epage_flip_event\\non mode_set_base() errors.\\n\\nInstead unlock it after setting gma_crtc-\u003epage_flip_event and on\\nerrors re-take the lock and clear gma_crtc-\u003epage_flip_event it\\nit is still set.\\n\\nThis fixes the following WARN/stacktrace:\\n\\n[ 512.122953] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:870\\n[ 512.123004] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 1253, name: gnome-shell\\n[ 512.123031] preempt_count: 1, expected: 0\\n[ 512.123048] RCU nest depth: 0, expected: 0\\n[ 512.123066] INFO: lockdep is turned off.\\n[ 512.123080] irq event stamp: 0\\n[ 512.123094] hardirqs last enabled at (0): [\u003c0000000000000000\u003e] 0x0\\n[ 512.123134] hardirqs last disabled at (0): [\u003cffffffff8d0ec28c\u003e] copy_process+0x9fc/0x1de0\\n[ 512.123176] softirqs last enabled at (0): [\u003cffffffff8d0ec28c\u003e] copy_process+0x9fc/0x1de0\\n[ 512.123207] softirqs last disabled at (0): [\u003c0000000000000000\u003e] 0x0\\n[ 512.123233] Preemption disabled at:\\n[ 512.123241] [\u003c0000000000000000\u003e] 0x0\\n[ 512.123275] CPU: 3 PID: 1253 Comm: gnome-shell Tainted: G W 5.19.0+ #1\\n[ 512.123304] Hardware name: Packard Bell dot s/SJE01_CT, BIOS V1.10 07/23/2013\\n[ 512.123323] Call Trace:\\n[ 512.123346] \u003cTASK\u003e\\n[ 512.123370] dump_stack_lvl+0x5b/0x77\\n[ 512.123412] 
__might_resched.cold+0xff/0x13a\\n[ 512.123458] ww_mutex_lock+0x1e/0xa0\\n[ 512.123495] psb_gem_pin+0x2c/0x150 [gma500_gfx]\\n[ 512.123601] gma_pipe_set_base+0x76/0x240 [gma500_gfx]\\n[ 512.123708] gma_crtc_page_flip+0x95/0x130 [gma500_gfx]\\n[ 512.123808] drm_mode_page_flip_ioctl+0x57d/0x5d0\\n[ 512.123897] ? drm_mode_cursor2_ioctl+0x10/0x10\\n[ 512.123936] drm_ioctl_kernel+0xa1/0x150\\n[ 512.123984] drm_ioctl+0x21f/0x420\\n[ 512.124025] ? drm_mode_cursor2_ioctl+0x10/0x10\\n[ 512.124070] ? rcu_read_lock_bh_held+0xb/0x60\\n[ 512.124104] ? lock_release+0x1ef/0x2d0\\n[ 512.124161] __x64_sys_ioctl+0x8d/0xd0\\n[ 512.124203] do_syscall_64+0x58/0x80\\n[ 512.124239] ? do_syscall_64+0x67/0x80\\n[ 512.124267] ? trace_hardirqs_on_prepare+0x55/0xe0\\n[ 512.124300] ? do_syscall_64+0x67/0x80\\n[ 512.124340] ? rcu_read_lock_sched_held+0x10/0x80\\n[ 512.124377] entry_SYSCALL_64_after_hwframe+0x63/0xcd\\n[ 512.124411] RIP: 0033:0x7fcc4a70740f\\n[ 512.124442] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 \u003c89\u003e c2 3d 00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00 00\\n[ 512.124470] RSP: 002b:00007ffda73f5390 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\\n[ 512.124503] RAX: ffffffffffffffda RBX: 000055cc9e474500 RCX: 00007fcc4a70740f\\n[ 512.124524] RDX: 00007ffda73f5420 RSI: 00000000c01864b0 RDI: 0000000000000009\\n[ 512.124544] RBP: 00007ffda73f5420 R08: 000055cc9c0b0cb0 R09: 0000000000000034\\n[ 512.124564] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000c01864b0\\n[ 512.124584] R13: 0000000000000009 R14: 000055cc9df484d0 R15: 000055cc9af5d0c0\\n[ 512.124647] \u003c/TASK\u003e\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/gma500: Correcci\u00f3n de ERROR: funci\u00f3n inactiva llamada desde errores de contexto no v\u00e1lidos gma_crtc_page_flip() estaba manteniendo el spinlock event_lock mientras llamaba a 
crtc_funcs-\u0026gt;mode_set_base() que toma ww_mutex. La \u00fanica raz\u00f3n para mantener event_lock es borrar los errores de gma_crtc-\u0026gt;page_flip_event en mode_set_base(). En su lugar, desbloqu\u00e9elo despu\u00e9s de configurar gma_crtc-\u0026gt;page_flip_event y, en caso de errores, vuelva a tomar el bloqueo y borre gma_crtc-\u0026gt;page_flip_event si todav\u00eda est\u00e1 configurado. Esto corrige la siguiente ADVERTENCIA/stacktrace: [512.122953] ERROR: funci\u00f3n inactiva llamada desde un contexto no v\u00e1lido en kernel/locking/mutex.c:870 [512.123004] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 1253, nombre: gnome-shell [512.123031] preempt_count: 1, esperado: 0 [512.123048] Profundidad del nido de RCU: 0, esperado: 0 [512.123066] INFORMACI\u00d3N: lockdep est\u00e1 desactivado. [ 512.123080] sello de evento irq: 0 [ 512.123094] hardirqs habilitado por \u00faltima vez en (0): [\u0026lt;0000000000000000\u0026gt;] 0x0 [ 512.123134] hardirqs deshabilitado por \u00faltima vez en (0): [] copy_process+0x9fc/0x1de0 [ 5 12.123176] softirqs habilitado por \u00faltima vez en (0): [] copy_process+0x9fc/0x1de0 [ 512.123207] softirqs deshabilitado por \u00faltima vez en (0): [\u0026lt;0000000000000000\u0026gt;] 0x0 [ 512.123233] Preferencia deshabilitada en: [ 512.123241] 0000000000\u0026gt;] 0x0 [ 512.123275] CPU: 3 PID: 1253 Comunicaciones: gnome-shell Contaminado: GW 5.19.0+ #1 [ 512.123304] Nombre de hardware: Packard Bell dot s/SJE01_CT, BIOS V1.10 23/07/2013 [ 512.123323] Seguimiento de llamadas : [ 512.123346] [ 512.123370] dump_stack_lvl+0x5b/0x77 [ 512.123412] __might_resched.cold+0xff/0x13a [ 512.123458] ww_mutex_lock+0x1e/0xa0 [ 512.123495 ] psb_gem_pin+0x2c/0x150 [gma500_gfx] [ 512.123601] gma_pipe_set_base+0x76 /0x240 [gma500_gfx] [ 512.123708] gma_crtc_page_flip+0x95/0x130 [gma500_gfx] [ 512.123808] drm_mode_page_flip_ioctl+0x57d/0x5d0 [ 512.123897] ? 
drm_mode_cursor2_ioctl+0x10/0x10 [ 512.123936] drm_ioctl_kernel+0xa1/0x150 [ 512.123984] drm_ioctl+0x21f/0x420 [ 512.124025] ? drm_mode_cursor2_ioctl+0x10/0x10 [512.124070]? rcu_read_lock_bh_held+0xb/0x60 [512.124104]? lock_release+0x1ef/0x2d0 [ 512.124161] __x64_sys_ioctl+0x8d/0xd0 [ 512.124203] do_syscall_64+0x58/0x80 [ 512.124239] ? do_syscall_64+0x67/0x80 [512.124267]? trace_hardirqs_on_prepare+0x55/0xe0 [512.124300]? do_syscall_64+0x67/0x80 [512.124340]? rcu_read_lock_sched_held+0x10/0x80 [ 512.124377] Entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 512.124411] RIP: 0033:0x7fcc4a70740f [ 512.124442] C\u00f3digo: 00 48 89 44 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 \u0026lt;89\u0026gt; c2 3d 00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 24470]RSP: 002b:00007ffda73f5390 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 512.124503] RAX: ffffffffffffffda RBX: 000055cc9e474500 RCX: 00007fcc4a70740f [ 512.124524] RDX: 7ffda73f5420 RSI: 00000000c01864b0 RDI: 0000000000000009 [ 512.124544] RBP: 00007ffda73f5420 R08: 000055cc9c0b0cb0 R09: 0000000000000034 12.124564] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000c01864b0 [ 512.124584] R13: 0000000000000009 R14: 000055cc9df484d0 R15: 000055cc9af5d0c0 [ 512.124647 ] 
\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":3.4}]},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/63e37a79f7bd939314997e29c2f5a9f0ef184281\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a6ed7624bf4d0a32f2631e74828bca7b7bf15afd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c5812807e416618477d1bb0049727ce8bb8292fd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e5ae504c8623476e13032670f1a6d6344d53ec9b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}" } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.