GHSA-Q626-923J-FG7R

Vulnerability from github – Published: 2025-03-18 21:32 – Updated: 2025-03-18 21:32
VLAI?
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes()

In amdgpu_dm_connector_add_common_modes(), amdgpu_dm_create_common_mode() is assigned to mode and is passed to drm_mode_probed_add() directly after that. drm_mode_probed_add() passes &mode->head to list_add_tail(), and there is a dereference of it in list_add_tail() without recoveries, which could lead to NULL pointer dereference on failure of amdgpu_dm_create_common_mode().

Fix this by adding a NULL check of mode.

This bug was found by a static analyzer.

Builds with 'make allyesconfig' show no new warnings, and our static analyzer no longer warns about this code.

Severity ?
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2022-49232"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:00Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes()\n\nIn amdgpu_dm_connector_add_common_modes(), amdgpu_dm_create_common_mode()\nis assigned to mode and is passed to drm_mode_probed_add() directly after\nthat. drm_mode_probed_add() passes \u0026mode-\u003ehead to list_add_tail(), and\nthere is a dereference of it in list_add_tail() without recoveries, which\ncould lead to NULL pointer dereference on failure of\namdgpu_dm_create_common_mode().\n\nFix this by adding a NULL check of mode.\n\nThis bug was found by a static analyzer.\n\nBuilds with \u0027make allyesconfig\u0027 show no new warnings,\nand our static analyzer no longer warns about this code.",
  "id": "GHSA-q626-923j-fg7r",
  "modified": "2025-03-18T21:32:00Z",
  "published": "2025-03-18T21:32:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49232"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/19a7eba284790cfbba2945deb2363cf03ce41648"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2c729dec8c1e3e2892fde5ce8181553860914e74"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/57f4ad5e286fe4599c8fc63cf89f85f9eec7f9c9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/588a70177df3b1777484267584ef38ab2ca899a2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/639b3b9def0a6a3f316a195d705d14113236e89c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bdc7429708a0772d90c208975694f7c2133b1202"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f4eaa999fec78dec2a9c2d797438e05cbffb125b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.