cve/published/2022/CVE-2022-49458.json - pub/scm/linux/security/vulns - Git at Google

 {
    "containers": {
       "cna": {
          "providerMetadata": {
             "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
          },
          "descriptions": [
             {
                "lang": "en",
                "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: don't free the IRQ if it was not requested\n\nAs msm_drm_uninit() is called from the msm_drm_init() error path,\nadditional care should be necessary as not to call the free_irq() for\nthe IRQ that was not requested before (because an error occured earlier\nthan the request_irq() call).\n\nThis fixed the issue reported with the following backtrace:\n\n[    8.571329] Trying to free already-free IRQ 187\n[    8.571339] WARNING: CPU: 0 PID: 76 at kernel/irq/manage.c:1895 free_irq+0x1e0/0x35c\n[    8.588746] Modules linked in: pmic_glink pdr_interface fastrpc qrtr_smd snd_soc_hdmi_codec msm fsa4480 gpu_sched drm_dp_aux_bus qrtr i2c_qcom_geni crct10dif_ce qcom_stats qcom_q6v5_pas drm_display_helper gpi qcom_pil_info drm_kms_helper qcom_q6v5 qcom_sysmon qcom_common qcom_glink_smem qcom_rng mdt_loader qmi_helpers phy_qcom_qmp ufs_qcom typec qnoc_sm8350 socinfo rmtfs_mem fuse drm ipv6\n[    8.624154] CPU: 0 PID: 76 Comm: kworker/u16:2 Not tainted 5.18.0-rc5-next-20220506-00033-g6cee8cab6089-dirty #419\n[    8.624161] Hardware name: Qualcomm Technologies, Inc. SM8350 HDK (DT)\n[    8.641496] Workqueue: events_unbound deferred_probe_work_func\n[    8.647510] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[    8.654681] pc : free_irq+0x1e0/0x35c\n[    8.658454] lr : free_irq+0x1e0/0x35c\n[    8.662228] sp : ffff800008ab3950\n[    8.665642] x29: ffff800008ab3950 x28: 0000000000000000 x27: ffff16350f56a700\n[    8.672994] x26: ffff1635025df080 x25: ffff16350251badc x24: ffff16350251bb90\n[    8.680343] x23: 0000000000000000 x22: 00000000000000bb x21: ffff16350e8f9800\n[    8.687690] x20: ffff16350251ba00 x19: ffff16350cbd5880 x18: ffffffffffffffff\n[    8.695039] x17: 0000000000000000 x16: ffffa2dd12179434 x15: ffffa2dd1431d02d\n[    8.702391] x14: 0000000000000000 x13: ffffa2dd1431d028 x12: 662d79646165726c\n[    8.709740] x11: ffffa2dd13fd2438 x10: 000000000000000a x9 : 00000000000000bb\n[    8.717111] x8 : ffffa2dd13fd23f0 x7 : ffff800008ab3750 x6 : 00000000fffff202\n[    8.724487] x5 : ffff16377e870a18 x4 : 00000000fffff202 x3 : ffff735a6ae1b000\n[    8.731851] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff1635015f8000\n[    8.739217] Call trace:\n[    8.741755]  free_irq+0x1e0/0x35c\n[    8.745198]  msm_drm_uninit.isra.0+0x14c/0x294 [msm]\n[    8.750548]  msm_drm_bind+0x28c/0x5d0 [msm]\n[    8.755081]  try_to_bring_up_aggregate_device+0x164/0x1d0\n[    8.760657]  __component_add+0xa0/0x170\n[    8.764626]  component_add+0x14/0x20\n[    8.768337]  dp_display_probe+0x2a4/0x464 [msm]\n[    8.773242]  platform_probe+0x68/0xe0\n[    8.777043]  really_probe.part.0+0x9c/0x28c\n[    8.781368]  __driver_probe_device+0x98/0x144\n[    8.785871]  driver_probe_device+0x40/0x140\n[    8.790191]  __device_attach_driver+0xb4/0x120\n[    8.794788]  bus_for_each_drv+0x78/0xd0\n[    8.798751]  __device_attach+0xdc/0x184\n[    8.802713]  device_initial_probe+0x14/0x20\n[    8.807031]  bus_probe_device+0x9c/0xa4\n[    8.810991]  deferred_probe_work_func+0x88/0xc0\n[    8.815667]  process_one_work+0x1d0/0x320\n[    8.819809]  worker_thread+0x14c/0x444\n[    8.823688]  kthread+0x10c/0x110\n[    8.827036]  ret_from_fork+0x10/0x20\n\nPatchwork: https://patchwork.freedesktop.org/patch/485422/"
             }
          ],
          "affected": [
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "unaffected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "drivers/gpu/drm/msm/msm_drv.c",
                   "drivers/gpu/drm/msm/msm_kms.h"
                ],
                "versions": [
                   {
                      "version": "f026e431cf861197dc03217d1920b38b80b31dd9",
                      "lessThan": "beb81c13d020ceb7f8693e65464162e5f249218e",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "f026e431cf861197dc03217d1920b38b80b31dd9",
                      "lessThan": "b288ec4439c1dad304c1862bf6b0be78d9b1b2b2",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "f026e431cf861197dc03217d1920b38b80b31dd9",
                      "lessThan": "59023c4fb1ab3de0fa001681650f662c253c7fd7",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "f026e431cf861197dc03217d1920b38b80b31dd9",
                      "lessThan": "577e2a9dfc8fba7938aaf75db63fae7e328cc3cb",
                      "status": "affected",
                      "versionType": "git"
                   }
                ]
             },
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "affected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "drivers/gpu/drm/msm/msm_drv.c",
                   "drivers/gpu/drm/msm/msm_kms.h"
                ],
                "versions": [
                   {
                      "version": "5.15",
                      "status": "affected"
                   },
                   {
                      "version": "0",
                      "lessThan": "5.15",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "5.15.46",
                      "lessThanOrEqual": "5.15.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "5.17.14",
                      "lessThanOrEqual": "5.17.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "5.18.3",
                      "lessThanOrEqual": "5.18.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "5.19",
                      "lessThanOrEqual": "*",
                      "status": "unaffected",
                      "versionType": "original_commit_for_fix"
                   }
                ]
             }
          ],
          "cpeApplicability": [
             {
                "nodes": [
                   {
                      "operator": "OR",
                      "negate": false,
                      "cpeMatch": [
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "5.15",
                            "versionEndExcluding": "5.15.46"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "5.15",
                            "versionEndExcluding": "5.17.14"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "5.15",
                            "versionEndExcluding": "5.18.3"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "5.15",
                            "versionEndExcluding": "5.19"
                         }
                      ]
                   }
                ]
             }
          ],
          "references": [
             {
                "url": "https://git.kernel.org/stable/c/beb81c13d020ceb7f8693e65464162e5f249218e"
             },
             {
                "url": "https://git.kernel.org/stable/c/b288ec4439c1dad304c1862bf6b0be78d9b1b2b2"
             },
             {
                "url": "https://git.kernel.org/stable/c/59023c4fb1ab3de0fa001681650f662c253c7fd7"
             },
             {
                "url": "https://git.kernel.org/stable/c/577e2a9dfc8fba7938aaf75db63fae7e328cc3cb"
             }
          ],
          "title": "drm/msm: don't free the IRQ if it was not requested",
          "x_generator": {
             "engine": "bippy-1.2.0"
          }
       }
    },
    "cveMetadata": {
       "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
       "cveID": "CVE-2022-49458",
       "requesterUserId": "gregkh@kernel.org",
       "serial": "1",
       "state": "PUBLISHED"
    },
    "dataType": "CVE_RECORD",
    "dataVersion": "5.0"
 }
	{
	"containers": {
	"cna": {
	"providerMetadata": {
	"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
	},
	"descriptions": [
	{
	"lang": "en",
	"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: don't free the IRQ if it was not requested\n\nAs msm_drm_uninit() is called from the msm_drm_init() error path,\nadditional care should be necessary as not to call the free_irq() for\nthe IRQ that was not requested before (because an error occured earlier\nthan the request_irq() call).\n\nThis fixed the issue reported with the following backtrace:\n\n[ 8.571329] Trying to free already-free IRQ 187\n[ 8.571339] WARNING: CPU: 0 PID: 76 at kernel/irq/manage.c:1895 free_irq+0x1e0/0x35c\n[ 8.588746] Modules linked in: pmic_glink pdr_interface fastrpc qrtr_smd snd_soc_hdmi_codec msm fsa4480 gpu_sched drm_dp_aux_bus qrtr i2c_qcom_geni crct10dif_ce qcom_stats qcom_q6v5_pas drm_display_helper gpi qcom_pil_info drm_kms_helper qcom_q6v5 qcom_sysmon qcom_common qcom_glink_smem qcom_rng mdt_loader qmi_helpers phy_qcom_qmp ufs_qcom typec qnoc_sm8350 socinfo rmtfs_mem fuse drm ipv6\n[ 8.624154] CPU: 0 PID: 76 Comm: kworker/u16:2 Not tainted 5.18.0-rc5-next-20220506-00033-g6cee8cab6089-dirty #419\n[ 8.624161] Hardware name: Qualcomm Technologies, Inc. SM8350 HDK (DT)\n[ 8.641496] Workqueue: events_unbound deferred_probe_work_func\n[ 8.647510] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 8.654681] pc : free_irq+0x1e0/0x35c\n[ 8.658454] lr : free_irq+0x1e0/0x35c\n[ 8.662228] sp : ffff800008ab3950\n[ 8.665642] x29: ffff800008ab3950 x28: 0000000000000000 x27: ffff16350f56a700\n[ 8.672994] x26: ffff1635025df080 x25: ffff16350251badc x24: ffff16350251bb90\n[ 8.680343] x23: 0000000000000000 x22: 00000000000000bb x21: ffff16350e8f9800\n[ 8.687690] x20: ffff16350251ba00 x19: ffff16350cbd5880 x18: ffffffffffffffff\n[ 8.695039] x17: 0000000000000000 x16: ffffa2dd12179434 x15: ffffa2dd1431d02d\n[ 8.702391] x14: 0000000000000000 x13: ffffa2dd1431d028 x12: 662d79646165726c\n[ 8.709740] x11: ffffa2dd13fd2438 x10: 000000000000000a x9 : 00000000000000bb\n[ 8.717111] x8 : ffffa2dd13fd23f0 x7 : ffff800008ab3750 x6 : 00000000fffff202\n[ 8.724487] x5 : ffff16377e870a18 x4 : 00000000fffff202 x3 : ffff735a6ae1b000\n[ 8.731851] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff1635015f8000\n[ 8.739217] Call trace:\n[ 8.741755] free_irq+0x1e0/0x35c\n[ 8.745198] msm_drm_uninit.isra.0+0x14c/0x294 [msm]\n[ 8.750548] msm_drm_bind+0x28c/0x5d0 [msm]\n[ 8.755081] try_to_bring_up_aggregate_device+0x164/0x1d0\n[ 8.760657] __component_add+0xa0/0x170\n[ 8.764626] component_add+0x14/0x20\n[ 8.768337] dp_display_probe+0x2a4/0x464 [msm]\n[ 8.773242] platform_probe+0x68/0xe0\n[ 8.777043] really_probe.part.0+0x9c/0x28c\n[ 8.781368] __driver_probe_device+0x98/0x144\n[ 8.785871] driver_probe_device+0x40/0x140\n[ 8.790191] __device_attach_driver+0xb4/0x120\n[ 8.794788] bus_for_each_drv+0x78/0xd0\n[ 8.798751] __device_attach+0xdc/0x184\n[ 8.802713] device_initial_probe+0x14/0x20\n[ 8.807031] bus_probe_device+0x9c/0xa4\n[ 8.810991] deferred_probe_work_func+0x88/0xc0\n[ 8.815667] process_one_work+0x1d0/0x320\n[ 8.819809] worker_thread+0x14c/0x444\n[ 8.823688] kthread+0x10c/0x110\n[ 8.827036] ret_from_fork+0x10/0x20\n\nPatchwork: https://patchwork.freedesktop.org/patch/485422/"
	}
	],
	"affected": [
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "unaffected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"drivers/gpu/drm/msm/msm_drv.c",
	"drivers/gpu/drm/msm/msm_kms.h"
	],
	"versions": [
	{
	"version": "f026e431cf861197dc03217d1920b38b80b31dd9",
	"lessThan": "beb81c13d020ceb7f8693e65464162e5f249218e",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "f026e431cf861197dc03217d1920b38b80b31dd9",
	"lessThan": "b288ec4439c1dad304c1862bf6b0be78d9b1b2b2",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "f026e431cf861197dc03217d1920b38b80b31dd9",
	"lessThan": "59023c4fb1ab3de0fa001681650f662c253c7fd7",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "f026e431cf861197dc03217d1920b38b80b31dd9",
	"lessThan": "577e2a9dfc8fba7938aaf75db63fae7e328cc3cb",
	"status": "affected",
	"versionType": "git"
	}
	]
	},
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "affected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"drivers/gpu/drm/msm/msm_drv.c",
	"drivers/gpu/drm/msm/msm_kms.h"
	],
	"versions": [
	{
	"version": "5.15",
	"status": "affected"
	},
	{
	"version": "0",
	"lessThan": "5.15",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "5.15.46",
	"lessThanOrEqual": "5.15.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "5.17.14",
	"lessThanOrEqual": "5.17.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "5.18.3",
	"lessThanOrEqual": "5.18.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "5.19",
	"lessThanOrEqual": "*",
	"status": "unaffected",
	"versionType": "original_commit_for_fix"
	}
	]
	}
	],
	"cpeApplicability": [
	{
	"nodes": [
	{
	"operator": "OR",
	"negate": false,
	"cpeMatch": [
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "5.15",
	"versionEndExcluding": "5.15.46"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "5.15",
	"versionEndExcluding": "5.17.14"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "5.15",
	"versionEndExcluding": "5.18.3"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "5.15",
	"versionEndExcluding": "5.19"
	}
	]
	}
	]
	}
	],
	"references": [
	{
	"url": "https://git.kernel.org/stable/c/beb81c13d020ceb7f8693e65464162e5f249218e"
	},
	{
	"url": "https://git.kernel.org/stable/c/b288ec4439c1dad304c1862bf6b0be78d9b1b2b2"
	},
	{
	"url": "https://git.kernel.org/stable/c/59023c4fb1ab3de0fa001681650f662c253c7fd7"
	},
	{
	"url": "https://git.kernel.org/stable/c/577e2a9dfc8fba7938aaf75db63fae7e328cc3cb"
	}
	],
	"title": "drm/msm: don't free the IRQ if it was not requested",
	"x_generator": {
	"engine": "bippy-1.2.0"
	}
	}
	},
	"cveMetadata": {
	"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
	"cveID": "CVE-2022-49458",
	"requesterUserId": "gregkh@kernel.org",
	"serial": "1",
	"state": "PUBLISHED"
	},
	"dataType": "CVE_RECORD",
	"dataVersion": "5.0"
	}