CVE-2022-50412

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm: bridge: adv7511: unregister cec i2c device after cec adapter<br /> <br /> cec_unregister_adapter() assumes that the underlying adapter ops are<br /> callable. For example, if the CEC adapter currently has a valid physical<br /> address, then the unregistration procedure will invalidate the physical<br /> address by setting it to f.f.f.f. Whence the following kernel oops<br /> observed after removing the adv7511 module:<br /> <br /> Unable to handle kernel execution of user memory at virtual address 0000000000000000<br /> Internal error: Oops: 86000004 [#1] PREEMPT_RT SMP<br /> Call trace:<br /> 0x0<br /> adv7511_cec_adap_log_addr+0x1ac/0x1c8 [adv7511]<br /> cec_adap_unconfigure+0x44/0x90 [cec]<br /> __cec_s_phys_addr.part.0+0x68/0x230 [cec]<br /> __cec_s_phys_addr+0x40/0x50 [cec]<br /> cec_unregister_adapter+0xb4/0x118 [cec]<br /> adv7511_remove+0x60/0x90 [adv7511]<br /> i2c_device_remove+0x34/0xe0<br /> device_release_driver_internal+0x114/0x1f0<br /> driver_detach+0x54/0xe0<br /> bus_remove_driver+0x60/0xd8<br /> driver_unregister+0x34/0x60<br /> i2c_del_driver+0x2c/0x68<br /> adv7511_exit+0x1c/0x67c [adv7511]<br /> __arm64_sys_delete_module+0x154/0x288<br /> invoke_syscall+0x48/0x100<br /> el0_svc_common.constprop.0+0x48/0xe8<br /> do_el0_svc+0x28/0x88<br /> el0_svc+0x1c/0x50<br /> el0t_64_sync_handler+0xa8/0xb0<br /> el0t_64_sync+0x15c/0x160<br /> Code: bad PC value<br /> ---[ end trace 0000000000000000 ]---<br /> <br /> Protect against this scenario by unregistering i2c_cec after<br /> unregistering the CEC adapter. Duly disable the CEC clock afterwards<br /> too.