Bug 2347758 (CVE-2022-49483)

Summary: CVE-2022-49483 kernel: drm/msm/disp/dpu1: avoid clearing hw interrupts if hw_intr is null during drm uninit
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: dfreiber, drow, jburrell, vkumar
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-02-26 03:05:42 UTC 
In the Linux kernel, the following vulnerability has been resolved:

drm/msm/disp/dpu1: avoid clearing hw interrupts if hw_intr is null during drm uninit

If edp modeset init is failed due to panel being not ready and
probe defers during drm bind, avoid clearing irqs and dereference
hw_intr when hw_intr is null.

BUG: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000

Call trace:
 dpu_core_irq_uninstall+0x50/0xb0
 dpu_irq_uninstall+0x18/0x24
 msm_drm_uninit+0xd8/0x16c
 msm_drm_bind+0x580/0x5fc
 try_to_bring_up_master+0x168/0x1c0
 __component_add+0xb4/0x178
 component_add+0x1c/0x28
 dp_display_probe+0x38c/0x400
 platform_probe+0xb0/0xd0
 really_probe+0xcc/0x2c8
 __driver_probe_device+0xbc/0xe8
 driver_probe_device+0x48/0xf0
 __device_attach_driver+0xa0/0xc8
 bus_for_each_drv+0x8c/0xd8
 __device_attach+0xc4/0x150
 device_initial_probe+0x1c/0x28

Changes in V2:
- Update commit message and coreect fixes tag.

Patchwork: https://patchwork.freedesktop.org/patch/484430/
Comment 1 Avinash Hanwate 2025-02-26 13:36:28 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022604-CVE-2022-49483-dd7b@gregkh/T
Comment 2 Avinash Hanwate 2025-02-26 17:37:49 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022604-CVE-2022-49483-dd7b@gregkh/T