Bug 2401549 (CVE-2022-50489)

Summary: CVE-2022-50489 kernel: drm/mipi-dsi: Detach devices when removing the host
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A resource leak flaw was found in the Linux kernel's MIPI-DSI host driver in the device removal logic. A local user can trigger this issue by unregistering a MIPI-DSI host, causing the cleanup code to unregister all attached devices without first detaching them. This prevents the host from performing proper cleanup operations, resulting in resource leaks including memory, references, and hardware state, leading to denial of service through resource exhaustion.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-10-04 16:06:53 UTC 
In the Linux kernel, the following vulnerability has been resolved:

drm/mipi-dsi: Detach devices when removing the host

Whenever the MIPI-DSI host is unregistered, the code of
mipi_dsi_host_unregister() loops over every device currently found on that
bus and will unregister it.

However, it doesn't detach it from the bus first, which leads to all kind
of resource leaks if the host wants to perform some clean up whenever a
device is detached.
Comment 1 Alexander B 2025-10-06 12:32:53 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025100417-CVE-2022-50489-9d88@gregkh/T