Bug 2153058 (CVE-2022-3115) - CVE-2022-3115 kernel: drm: mali-dp: NULL pointer dereference in malidp_crtc_reset()
Summary: CVE-2022-3115 kernel: drm: mali-dp: NULL pointer dereference in malidp_crtc_r...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2022-3115
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2153051
TreeView+ depends on / blocked
 
Reported: 2022-12-13 21:58 UTC by Sage McTaggart
Modified: 2023-08-01 19:21 UTC (History)
48 users (show)

Fixed In Version: kernel 5.19-rc1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-06-12 19:02:03 UTC
Embargoed:


Attachments (Terms of Use)

Description Sage McTaggart 2022-12-13 21:58:25 UTC
[Suggested description]
An issue was discovered in the Linux kernel through 5.16-rc6.
malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of
the return value of kzalloc() and will cause the null pointer
dereference.

------------------------------------------

[VulnerabilityType Other]
NULL Pointer Dereference

------------------------------------------

[Vendor of Product]
the development group

------------------------------------------

[Affected Product Code Base]
Linux kernel - 5.16-rc6

------------------------------------------

[Reference]
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=73c3ed7495c67b8fbdc31cf58e6ca8757df31a33

------------------------------------------

[Discoverer]
Jiasheng Jiang

Comment 5 Mauro Matteo Cascella 2023-06-12 08:37:14 UTC
Upstream commit:
https://github.com/torvalds/linux/commit/73c3ed7495c67b8fbdc31cf58e6ca8757df31a33

Comment 6 Product Security DevOps Team 2023-06-12 19:01:59 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-3115

Comment 7 Jan Pazdziora 2023-07-29 07:42:05 UTC
Hello,

given comment 2 limits the scope to ARM but does not rule out that the code is in the RHEL kernel, shouldn't this be reopened for proper investigation of the situation in RHEL aarch64 versions?

Thank you, Jan


Note You need to log in before you can comment on or make changes to this bug.