CVE-2022-48634
Vulnerability from cvelistv5
Published
2024-04-28 12:59
Modified
2024-11-04 12:13
Summary
drm/gma500: Fix BUG: sleeping function called from invalid context errors
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-48634",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-16T20:42:08.256561Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:32:26.128Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:17:55.501Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c5812807e416618477d1bb0049727ce8bb8292fd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e5ae504c8623476e13032670f1a6d6344d53ec9b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a6ed7624bf4d0a32f2631e74828bca7b7bf15afd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/63e37a79f7bd939314997e29c2f5a9f0ef184281"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/gma500/gma_display.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c5812807e416",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "e5ae504c8623",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "a6ed7624bf4d",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "63e37a79f7bd",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/gma500/gma_display.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.146",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.71",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.19.*",
              "status": "unaffected",
              "version": "5.19.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: Fix BUG: sleeping function called from invalid context errors\n\ngma_crtc_page_flip() was holding the event_lock spinlock while calling\ncrtc_funcs-\u003emode_set_base() which takes ww_mutex.\n\nThe only reason to hold event_lock is to clear gma_crtc-\u003epage_flip_event\non mode_set_base() errors.\n\nInstead unlock it after setting gma_crtc-\u003epage_flip_event and on\nerrors re-take the lock and clear gma_crtc-\u003epage_flip_event it\nit is still set.\n\nThis fixes the following WARN/stacktrace:\n\n[  512.122953] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:870\n[  512.123004] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 1253, name: gnome-shell\n[  512.123031] preempt_count: 1, expected: 0\n[  512.123048] RCU nest depth: 0, expected: 0\n[  512.123066] INFO: lockdep is turned off.\n[  512.123080] irq event stamp: 0\n[  512.123094] hardirqs last  enabled at (0): [\u003c0000000000000000\u003e] 0x0\n[  512.123134] hardirqs last disabled at (0): [\u003cffffffff8d0ec28c\u003e] copy_process+0x9fc/0x1de0\n[  512.123176] softirqs last  enabled at (0): [\u003cffffffff8d0ec28c\u003e] copy_process+0x9fc/0x1de0\n[  512.123207] softirqs last disabled at (0): [\u003c0000000000000000\u003e] 0x0\n[  512.123233] Preemption disabled at:\n[  512.123241] [\u003c0000000000000000\u003e] 0x0\n[  512.123275] CPU: 3 PID: 1253 Comm: gnome-shell Tainted: G        W         5.19.0+ #1\n[  512.123304] Hardware name: Packard Bell dot s/SJE01_CT, BIOS V1.10 07/23/2013\n[  512.123323] Call Trace:\n[  512.123346]  \u003cTASK\u003e\n[  512.123370]  dump_stack_lvl+0x5b/0x77\n[  512.123412]  __might_resched.cold+0xff/0x13a\n[  512.123458]  ww_mutex_lock+0x1e/0xa0\n[  512.123495]  psb_gem_pin+0x2c/0x150 [gma500_gfx]\n[  512.123601]  gma_pipe_set_base+0x76/0x240 [gma500_gfx]\n[  512.123708]  gma_crtc_page_flip+0x95/0x130 [gma500_gfx]\n[  512.123808]  drm_mode_page_flip_ioctl+0x57d/0x5d0\n[  512.123897]  ? drm_mode_cursor2_ioctl+0x10/0x10\n[  512.123936]  drm_ioctl_kernel+0xa1/0x150\n[  512.123984]  drm_ioctl+0x21f/0x420\n[  512.124025]  ? drm_mode_cursor2_ioctl+0x10/0x10\n[  512.124070]  ? rcu_read_lock_bh_held+0xb/0x60\n[  512.124104]  ? lock_release+0x1ef/0x2d0\n[  512.124161]  __x64_sys_ioctl+0x8d/0xd0\n[  512.124203]  do_syscall_64+0x58/0x80\n[  512.124239]  ? do_syscall_64+0x67/0x80\n[  512.124267]  ? trace_hardirqs_on_prepare+0x55/0xe0\n[  512.124300]  ? do_syscall_64+0x67/0x80\n[  512.124340]  ? rcu_read_lock_sched_held+0x10/0x80\n[  512.124377]  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[  512.124411] RIP: 0033:0x7fcc4a70740f\n[  512.124442] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 \u003c89\u003e c2 3d 00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00 00\n[  512.124470] RSP: 002b:00007ffda73f5390 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n[  512.124503] RAX: ffffffffffffffda RBX: 000055cc9e474500 RCX: 00007fcc4a70740f\n[  512.124524] RDX: 00007ffda73f5420 RSI: 00000000c01864b0 RDI: 0000000000000009\n[  512.124544] RBP: 00007ffda73f5420 R08: 000055cc9c0b0cb0 R09: 0000000000000034\n[  512.124564] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000c01864b0\n[  512.124584] R13: 0000000000000009 R14: 000055cc9df484d0 R15: 000055cc9af5d0c0\n[  512.124647]  \u003c/TASK\u003e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T12:13:40.071Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c5812807e416618477d1bb0049727ce8bb8292fd"
        },
        {
          "url": "https://git.kernel.org/stable/c/e5ae504c8623476e13032670f1a6d6344d53ec9b"
        },
        {
          "url": "https://git.kernel.org/stable/c/a6ed7624bf4d0a32f2631e74828bca7b7bf15afd"
        },
        {
          "url": "https://git.kernel.org/stable/c/63e37a79f7bd939314997e29c2f5a9f0ef184281"
        }
      ],
      "title": "drm/gma500: Fix BUG: sleeping function called from invalid context errors",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-48634",
    "datePublished": "2024-04-28T12:59:19.749Z",
    "dateReserved": "2024-02-25T13:44:28.315Z",
    "dateUpdated": "2024-11-04T12:13:40.071Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-48634\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-04-28T13:15:06.617\",\"lastModified\":\"2024-10-30T16:35:02.927\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ndrm/gma500: Fix BUG: sleeping function called from invalid context errors\\n\\ngma_crtc_page_flip() was holding the event_lock spinlock while calling\\ncrtc_funcs-\u003emode_set_base() which takes ww_mutex.\\n\\nThe only reason to hold event_lock is to clear gma_crtc-\u003epage_flip_event\\non mode_set_base() errors.\\n\\nInstead unlock it after setting gma_crtc-\u003epage_flip_event and on\\nerrors re-take the lock and clear gma_crtc-\u003epage_flip_event it\\nit is still set.\\n\\nThis fixes the following WARN/stacktrace:\\n\\n[  512.122953] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:870\\n[  512.123004] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 1253, name: gnome-shell\\n[  512.123031] preempt_count: 1, expected: 0\\n[  512.123048] RCU nest depth: 0, expected: 0\\n[  512.123066] INFO: lockdep is turned off.\\n[  512.123080] irq event stamp: 0\\n[  512.123094] hardirqs last  enabled at (0): [\u003c0000000000000000\u003e] 0x0\\n[  512.123134] hardirqs last disabled at (0): [\u003cffffffff8d0ec28c\u003e] copy_process+0x9fc/0x1de0\\n[  512.123176] softirqs last  enabled at (0): [\u003cffffffff8d0ec28c\u003e] copy_process+0x9fc/0x1de0\\n[  512.123207] softirqs last disabled at (0): [\u003c0000000000000000\u003e] 0x0\\n[  512.123233] Preemption disabled at:\\n[  512.123241] [\u003c0000000000000000\u003e] 0x0\\n[  512.123275] CPU: 3 PID: 1253 Comm: gnome-shell Tainted: G        W         5.19.0+ #1\\n[  512.123304] Hardware name: Packard Bell dot s/SJE01_CT, BIOS V1.10 07/23/2013\\n[  512.123323] Call Trace:\\n[  512.123346]  \u003cTASK\u003e\\n[  512.123370]  dump_stack_lvl+0x5b/0x77\\n[  512.123412]  __might_resched.cold+0xff/0x13a\\n[  512.123458]  ww_mutex_lock+0x1e/0xa0\\n[  512.123495]  psb_gem_pin+0x2c/0x150 [gma500_gfx]\\n[  512.123601]  gma_pipe_set_base+0x76/0x240 [gma500_gfx]\\n[  512.123708]  gma_crtc_page_flip+0x95/0x130 [gma500_gfx]\\n[  512.123808]  drm_mode_page_flip_ioctl+0x57d/0x5d0\\n[  512.123897]  ? drm_mode_cursor2_ioctl+0x10/0x10\\n[  512.123936]  drm_ioctl_kernel+0xa1/0x150\\n[  512.123984]  drm_ioctl+0x21f/0x420\\n[  512.124025]  ? drm_mode_cursor2_ioctl+0x10/0x10\\n[  512.124070]  ? rcu_read_lock_bh_held+0xb/0x60\\n[  512.124104]  ? lock_release+0x1ef/0x2d0\\n[  512.124161]  __x64_sys_ioctl+0x8d/0xd0\\n[  512.124203]  do_syscall_64+0x58/0x80\\n[  512.124239]  ? do_syscall_64+0x67/0x80\\n[  512.124267]  ? trace_hardirqs_on_prepare+0x55/0xe0\\n[  512.124300]  ? do_syscall_64+0x67/0x80\\n[  512.124340]  ? rcu_read_lock_sched_held+0x10/0x80\\n[  512.124377]  entry_SYSCALL_64_after_hwframe+0x63/0xcd\\n[  512.124411] RIP: 0033:0x7fcc4a70740f\\n[  512.124442] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 \u003c89\u003e c2 3d 00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00 00\\n[  512.124470] RSP: 002b:00007ffda73f5390 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\\n[  512.124503] RAX: ffffffffffffffda RBX: 000055cc9e474500 RCX: 00007fcc4a70740f\\n[  512.124524] RDX: 00007ffda73f5420 RSI: 00000000c01864b0 RDI: 0000000000000009\\n[  512.124544] RBP: 00007ffda73f5420 R08: 000055cc9c0b0cb0 R09: 0000000000000034\\n[  512.124564] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000c01864b0\\n[  512.124584] R13: 0000000000000009 R14: 000055cc9df484d0 R15: 000055cc9af5d0c0\\n[  512.124647]  \u003c/TASK\u003e\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/gma500: Correcci\u00f3n de ERROR: funci\u00f3n inactiva llamada desde errores de contexto no v\u00e1lidos gma_crtc_page_flip() estaba manteniendo el spinlock event_lock mientras llamaba a crtc_funcs-\u0026gt;mode_set_base() que toma ww_mutex. La \u00fanica raz\u00f3n para mantener event_lock es borrar los errores de gma_crtc-\u0026gt;page_flip_event en mode_set_base(). En su lugar, desbloqu\u00e9elo despu\u00e9s de configurar gma_crtc-\u0026gt;page_flip_event y, en caso de errores, vuelva a tomar el bloqueo y borre gma_crtc-\u0026gt;page_flip_event si todav\u00eda est\u00e1 configurado. Esto corrige la siguiente ADVERTENCIA/stacktrace: [512.122953] ERROR: funci\u00f3n inactiva llamada desde un contexto no v\u00e1lido en kernel/locking/mutex.c:870 [512.123004] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 1253, nombre: gnome-shell [512.123031] preempt_count: 1, esperado: 0 [512.123048] Profundidad del nido de RCU: 0, esperado: 0 [512.123066] INFORMACI\u00d3N: lockdep est\u00e1 desactivado. [ 512.123080] sello de evento irq: 0 [ 512.123094] hardirqs habilitado por \u00faltima vez en (0): [\u0026lt;0000000000000000\u0026gt;] 0x0 [ 512.123134] hardirqs deshabilitado por \u00faltima vez en (0): [] copy_process+0x9fc/0x1de0 [ 5 12.123176] softirqs habilitado por \u00faltima vez en (0): [] copy_process+0x9fc/0x1de0 [ 512.123207] softirqs deshabilitado por \u00faltima vez en (0): [\u0026lt;0000000000000000\u0026gt;] 0x0 [ 512.123233] Preferencia deshabilitada en: [ 512.123241] 0000000000\u0026gt;] 0x0 [ 512.123275] CPU: 3 PID: 1253 Comunicaciones: gnome-shell Contaminado: GW 5.19.0+ #1 [ 512.123304] Nombre de hardware: Packard Bell dot s/SJE01_CT, BIOS V1.10 23/07/2013 [ 512.123323] Seguimiento de llamadas : [ 512.123346]  [ 512.123370] dump_stack_lvl+0x5b/0x77 [ 512.123412] __might_resched.cold+0xff/0x13a [ 512.123458] ww_mutex_lock+0x1e/0xa0 [ 512.123495 ] psb_gem_pin+0x2c/0x150 [gma500_gfx] [ 512.123601] gma_pipe_set_base+0x76 /0x240 [gma500_gfx] [ 512.123708] gma_crtc_page_flip+0x95/0x130 [gma500_gfx] [ 512.123808] drm_mode_page_flip_ioctl+0x57d/0x5d0 [ 512.123897] ? drm_mode_cursor2_ioctl+0x10/0x10 [ 512.123936] drm_ioctl_kernel+0xa1/0x150 [ 512.123984] drm_ioctl+0x21f/0x420 [ 512.124025] ? drm_mode_cursor2_ioctl+0x10/0x10 [512.124070]? rcu_read_lock_bh_held+0xb/0x60 [512.124104]? lock_release+0x1ef/0x2d0 [ 512.124161] __x64_sys_ioctl+0x8d/0xd0 [ 512.124203] do_syscall_64+0x58/0x80 [ 512.124239] ? do_syscall_64+0x67/0x80 [512.124267]? trace_hardirqs_on_prepare+0x55/0xe0 [512.124300]? do_syscall_64+0x67/0x80 [512.124340]? rcu_read_lock_sched_held+0x10/0x80 [ 512.124377] Entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 512.124411] RIP: 0033:0x7fcc4a70740f [ 512.124442] C\u00f3digo: 00 48 89 44 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 \u0026lt;89\u0026gt; c2 3d 00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 24470]RSP: 002b:00007ffda73f5390 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 512.124503] RAX: ffffffffffffffda RBX: 000055cc9e474500 RCX: 00007fcc4a70740f [ 512.124524] RDX: 7ffda73f5420 RSI: 00000000c01864b0 RDI: 0000000000000009 [ 512.124544] RBP: 00007ffda73f5420 R08: 000055cc9c0b0cb0 R09: 0000000000000034 12.124564] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000c01864b0 [ 512.124584] R13: 0000000000000009 R14: 000055cc9df484d0 R15: 000055cc9af5d0c0 [ 512.124647 ] \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":3.4}]},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/63e37a79f7bd939314997e29c2f5a9f0ef184281\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a6ed7624bf4d0a32f2631e74828bca7b7bf15afd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c5812807e416618477d1bb0049727ce8bb8292fd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e5ae504c8623476e13032670f1a6d6344d53ec9b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.