Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2022-48826

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/07/2024
Last modified:
05/09/2024

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/vc4: Fix deadlock on DSI device attach error<br /> <br /> DSI device attach to DSI host will be done with host device&amp;#39;s lock<br /> held.<br /> <br /> Un-registering host in "device attach" error path (ex: probe retry)<br /> will result in deadlock with below call trace and non operational<br /> DSI display.<br /> <br /> Startup Call trace:<br /> [ 35.043036] rt_mutex_slowlock.constprop.21+0x184/0x1b8<br /> [ 35.043048] mutex_lock_nested+0x7c/0xc8<br /> [ 35.043060] device_del+0x4c/0x3e8<br /> [ 35.043075] device_unregister+0x20/0x40<br /> [ 35.043082] mipi_dsi_remove_device_fn+0x18/0x28<br /> [ 35.043093] device_for_each_child+0x68/0xb0<br /> [ 35.043105] mipi_dsi_host_unregister+0x40/0x90<br /> [ 35.043115] vc4_dsi_host_attach+0xf0/0x120 [vc4]<br /> [ 35.043199] mipi_dsi_attach+0x30/0x48<br /> [ 35.043209] tc358762_probe+0x128/0x164 [tc358762]<br /> [ 35.043225] mipi_dsi_drv_probe+0x28/0x38<br /> [ 35.043234] really_probe+0xc0/0x318<br /> [ 35.043244] __driver_probe_device+0x80/0xe8<br /> [ 35.043254] driver_probe_device+0xb8/0x118<br /> [ 35.043263] __device_attach_driver+0x98/0xe8<br /> [ 35.043273] bus_for_each_drv+0x84/0xd8<br /> [ 35.043281] __device_attach+0xf0/0x150<br /> [ 35.043290] device_initial_probe+0x1c/0x28<br /> [ 35.043300] bus_probe_device+0xa4/0xb0<br /> [ 35.043308] deferred_probe_work_func+0xa0/0xe0<br /> [ 35.043318] process_one_work+0x254/0x700<br /> [ 35.043330] worker_thread+0x4c/0x448<br /> [ 35.043339] kthread+0x19c/0x1a8<br /> [ 35.043348] ret_from_fork+0x10/0x20<br /> <br /> Shutdown Call trace:<br /> [ 365.565417] Call trace:<br /> [ 365.565423] __switch_to+0x148/0x200<br /> [ 365.565452] __schedule+0x340/0x9c8<br /> [ 365.565467] schedule+0x48/0x110<br /> [ 365.565479] schedule_timeout+0x3b0/0x448<br /> [ 365.565496] wait_for_completion+0xac/0x138<br /> [ 365.565509] __flush_work+0x218/0x4e0<br /> [ 365.565523] flush_work+0x1c/0x28<br /> [ 365.565536] wait_for_device_probe+0x68/0x158<br /> [ 365.565550] device_shutdown+0x24/0x348<br /> [ 365.565561] kernel_restart_prepare+0x40/0x50<br /> [ 365.565578] kernel_restart+0x20/0x70<br /> [ 365.565591] __do_sys_reboot+0x10c/0x220<br /> [ 365.565605] __arm64_sys_reboot+0x2c/0x38<br /> [ 365.565619] invoke_syscall+0x4c/0x110<br /> [ 365.565634] el0_svc_common.constprop.3+0xfc/0x120<br /> [ 365.565648] do_el0_svc+0x2c/0x90<br /> [ 365.565661] el0_svc+0x4c/0xf0<br /> [ 365.565671] el0t_64_sync_handler+0x90/0xb8<br /> [ 365.565682] el0t_64_sync+0x180/0x184

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.15.24 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 5.16.10 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools