Bug 2396125 (CVE-2022-50360) - CVE-2022-50360 kernel: drm/msm/dp: fix aux-bus EP lifetime
Summary: CVE-2022-50360 kernel: drm/msm/dp: fix aux-bus EP lifetime
Keywords:
Status: NEW
Alias: CVE-2022-50360
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-09-17 15:02 UTC by OSIDB Bzimport
Modified: 2025-11-26 10:32 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-09-17 15:02:47 UTC 
In the Linux kernel, the following vulnerability has been resolved:

drm/msm/dp: fix aux-bus EP lifetime

Device-managed resources allocated post component bind must be tied to
the lifetime of the aggregate DRM device or they will not necessarily be
released when binding of the aggregate device is deferred.

This can lead resource leaks or failure to bind the aggregate device
when binding is later retried and a second attempt to allocate the
resources is made.

For the DP aux-bus, an attempt to populate the bus a second time will
simply fail ("DP AUX EP device already populated").

Fix this by tying the lifetime of the EP device to the DRM device rather
than DP controller platform device.

Patchwork: https://patchwork.freedesktop.org/patch/502672/
Comment 1 Keith Grant 2025-09-17 17:39:49 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025091715-CVE-2022-50360-00c7@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.