CVE-2022-50359

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: cx88: Fix a null-ptr-deref bug in buffer_prepare()<br /> <br /> When the driver calls cx88_risc_buffer() to prepare the buffer, the<br /> function call may fail, resulting in a empty buffer and null-ptr-deref<br /> later in buffer_queue().<br /> <br /> The following log can reveal it:<br /> <br /> [ 41.822762] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI<br /> [ 41.824488] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]<br /> [ 41.828027] RIP: 0010:buffer_queue+0xc2/0x500<br /> [ 41.836311] Call Trace:<br /> [ 41.836945] __enqueue_in_driver+0x141/0x360<br /> [ 41.837262] vb2_start_streaming+0x62/0x4a0<br /> [ 41.838216] vb2_core_streamon+0x1da/0x2c0<br /> [ 41.838516] __vb2_init_fileio+0x981/0xbc0<br /> [ 41.839141] __vb2_perform_fileio+0xbf9/0x1120<br /> [ 41.840072] vb2_fop_read+0x20e/0x400<br /> [ 41.840346] v4l2_read+0x215/0x290<br /> [ 41.840603] vfs_read+0x162/0x4c0<br /> <br /> Fix this by checking the return value of cx88_risc_buffer()<br /> <br /> [hverkuil: fix coding style issues]