CVE-2022-49247
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/02/2025
Last modified:
21/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED<br />
<br />
If the callback &#39;start_streaming&#39; fails, then all<br />
queued buffers in the driver should be returned with<br />
state &#39;VB2_BUF_STATE_QUEUED&#39;. Currently, they are<br />
returned with &#39;VB2_BUF_STATE_ERROR&#39; which is wrong.<br />
Fix this. This also fixes the warning:<br />
<br />
[ 65.583633] WARNING: CPU: 5 PID: 593 at drivers/media/common/videobuf2/videobuf2-core.c:1612 vb2_start_streaming+0xd4/0x160 [videobuf2_common]<br />
[ 65.585027] Modules linked in: snd_usb_audio snd_hwdep snd_usbmidi_lib snd_rawmidi snd_soc_hdmi_codec dw_hdmi_i2s_audio saa7115 stk1160 videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_common videodev mc crct10dif_ce panfrost snd_soc_simple_card snd_soc_audio_graph_card snd_soc_spdif_tx snd_soc_simple_card_utils gpu_sched phy_rockchip_pcie snd_soc_rockchip_i2s rockchipdrm analogix_dp dw_mipi_dsi dw_hdmi cec drm_kms_helper drm rtc_rk808 rockchip_saradc industrialio_triggered_buffer kfifo_buf rockchip_thermal pcie_rockchip_host ip_tables x_tables ipv6<br />
[ 65.589383] CPU: 5 PID: 593 Comm: v4l2src0:src Tainted: G W 5.16.0-rc4-62408-g32447129cb30-dirty #14<br />
[ 65.590293] Hardware name: Radxa ROCK Pi 4B (DT)<br />
[ 65.590696] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)<br />
[ 65.591304] pc : vb2_start_streaming+0xd4/0x160 [videobuf2_common]<br />
[ 65.591850] lr : vb2_start_streaming+0x6c/0x160 [videobuf2_common]<br />
[ 65.592395] sp : ffff800012bc3ad0<br />
[ 65.592685] x29: ffff800012bc3ad0 x28: 0000000000000000 x27: ffff800012bc3cd8<br />
[ 65.593312] x26: 0000000000000000 x25: ffff00000d8a7800 x24: 0000000040045612<br />
[ 65.593938] x23: ffff800011323000 x22: ffff800012bc3cd8 x21: ffff00000908a8b0<br />
[ 65.594562] x20: ffff00000908a8c8 x19: 00000000fffffff4 x18: ffffffffffffffff<br />
[ 65.595188] x17: 000000040044ffff x16: 00400034b5503510 x15: ffff800011323f78<br />
[ 65.595813] x14: ffff000013163886 x13: ffff000013163885 x12: 00000000000002ce<br />
[ 65.596439] x11: 0000000000000028 x10: 0000000000000001 x9 : 0000000000000228<br />
[ 65.597064] x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff726c5e78<br />
[ 65.597690] x5 : ffff800012bc3990 x4 : 0000000000000000 x3 : ffff000009a34880<br />
[ 65.598315] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000007cd99f0<br />
[ 65.598940] Call trace:<br />
[ 65.599155] vb2_start_streaming+0xd4/0x160 [videobuf2_common]<br />
[ 65.599672] vb2_core_streamon+0x17c/0x1a8 [videobuf2_common]<br />
[ 65.600179] vb2_streamon+0x54/0x88 [videobuf2_v4l2]<br />
[ 65.600619] vb2_ioctl_streamon+0x54/0x60 [videobuf2_v4l2]<br />
[ 65.601103] v4l_streamon+0x3c/0x50 [videodev]<br />
[ 65.601521] __video_do_ioctl+0x1a4/0x428 [videodev]<br />
[ 65.601977] video_usercopy+0x320/0x828 [videodev]<br />
[ 65.602419] video_ioctl2+0x3c/0x58 [videodev]<br />
[ 65.602830] v4l2_ioctl+0x60/0x90 [videodev]<br />
[ 65.603227] __arm64_sys_ioctl+0xa8/0xe0<br />
[ 65.603576] invoke_syscall+0x54/0x118<br />
[ 65.603911] el0_svc_common.constprop.3+0x84/0x100<br />
[ 65.604332] do_el0_svc+0x34/0xa0<br />
[ 65.604625] el0_svc+0x1c/0x50<br />
[ 65.604897] el0t_64_sync_handler+0x88/0xb0<br />
[ 65.605264] el0t_64_sync+0x16c/0x170<br />
[ 65.605587] ---[ end trace 578e0ba07742170d ]---
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.7 (including) | 4.14.276 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.15 (including) | 4.19.238 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.189 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.110 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.33 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 5.16.19 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.17 (including) | 5.17.2 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/03054f22d5abd80ad89547512c2bfbfb2714d3ed
- https://git.kernel.org/stable/c/2874122ca4ca74adec72d6d6bf8828228ec20f15
- https://git.kernel.org/stable/c/3cc050df73e3d973f1870a8dc0e177e77670bc7f
- https://git.kernel.org/stable/c/4d68603cc4382174bc1e7d532e10675c48c6b257
- https://git.kernel.org/stable/c/a09e9882800fdfc5aab93f77c3f0132071d2191b
- https://git.kernel.org/stable/c/f04a520a422222fc921bf035dc67414c500a286a
- https://git.kernel.org/stable/c/f66e6fd1488d26229f11d86616de1b658c70fa8a
- https://git.kernel.org/stable/c/fbe04b49a54e31f4321d632270207f0e6304cd16