CVE-2022-49221

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/msm/dp: populate connector of struct dp_panel<br /> <br /> DP CTS test case 4.2.2.6 has valid edid with bad checksum on purpose<br /> and expect DP source return correct checksum. During drm edid read,<br /> correct edid checksum is calculated and stored at<br /> connector::real_edid_checksum.<br /> <br /> The problem is struct dp_panel::connector never be assigned, instead the<br /> connector is stored in struct msm_dp::connector. When we run compliance<br /> testing test case 4.2.2.6 dp_panel_handle_sink_request() won&amp;#39;t have a valid<br /> edid set in struct dp_panel::edid so we&amp;#39;ll try to use the connectors<br /> real_edid_checksum and hit a NULL pointer dereference error because the<br /> connector pointer is never assigned.<br /> <br /> Changes in V2:<br /> -- populate panel connector at msm_dp_modeset_init() instead of at dp_panel_read_sink_caps()<br /> <br /> Changes in V3:<br /> -- remove unhelpful kernel crash trace commit text<br /> -- remove renaming dp_display parameter to dp<br /> <br /> Changes in V4:<br /> -- add more details to commit text<br /> <br /> Changes in v10:<br /> -- group into one series<br /> <br /> Changes in v11:<br /> -- drop drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read<br /> <br /> Signee-off-by: Kuogee Hsieh