ghsa-p4v4-q7w4-pw4w
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
media: mediatek: vcodec: prevent kernel crash when rmmod mtk-vcodec-dec.ko
If the driver support subdev mode, the parameter "dev->pm.dev" will be NULL in mtk_vcodec_dec_remove. Kernel will crash when try to rmmod mtk-vcodec-dec.ko.
[ 4380.702726] pc : do_raw_spin_trylock+0x4/0x80 [ 4380.707075] lr : _raw_spin_lock_irq+0x90/0x14c [ 4380.711509] sp : ffff80000819bc10 [ 4380.714811] x29: ffff80000819bc10 x28: ffff3600c03e4000 x27: 0000000000000000 [ 4380.721934] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000 [ 4380.729057] x23: ffff3600c0f34930 x22: ffffd5e923549000 x21: 0000000000000220 [ 4380.736179] x20: 0000000000000208 x19: ffffd5e9213e8ebc x18: 0000000000000020 [ 4380.743298] x17: 0000002000000000 x16: ffffd5e9213e8e90 x15: 696c346f65646976 [ 4380.750420] x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000040 [ 4380.757542] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 [ 4380.764664] x8 : 0000000000000000 x7 : ffff3600c7273ae8 x6 : ffffd5e9213e8ebc [ 4380.771786] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000 [ 4380.778908] x2 : 0000000000000000 x1 : ffff3600c03e4000 x0 : 0000000000000208 [ 4380.786031] Call trace: [ 4380.788465] do_raw_spin_trylock+0x4/0x80 [ 4380.792462] __pm_runtime_disable+0x2c/0x1b0 [ 4380.796723] mtk_vcodec_dec_remove+0x5c/0xa0 [mtk_vcodec_dec] [ 4380.802466] platform_remove+0x2c/0x60 [ 4380.806204] __device_release_driver+0x194/0x250 [ 4380.810810] driver_detach+0xc8/0x15c [ 4380.814462] bus_remove_driver+0x5c/0xb0 [ 4380.818375] driver_unregister+0x34/0x64 [ 4380.822288] platform_driver_unregister+0x18/0x24 [ 4380.826979] mtk_vcodec_dec_driver_exit+0x1c/0x888 [mtk_vcodec_dec] [ 4380.833240] __arm64_sys_delete_module+0x190/0x224 [ 4380.838020] invoke_syscall+0x48/0x114 [ 4380.841760] el0_svc_common.constprop.0+0x60/0x11c [ 4380.846540] do_el0_svc+0x28/0x90 [ 4380.849844] el0_svc+0x4c/0x100 [ 4380.852975] el0t_64_sync_handler+0xec/0xf0 [ 4380.857148] el0t_64_sync+0x190/0x194 [ 4380.860801] Code: 94431515 17ffffca d503201f d503245f (b9400004)
{
"affected": [],
"aliases": [
"CVE-2022-49496"
],
"database_specific": {
"cwe_ids": [
"CWE-667"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:25Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: prevent kernel crash when rmmod mtk-vcodec-dec.ko\n\nIf the driver support subdev mode, the parameter \"dev-\u003epm.dev\" will be\nNULL in mtk_vcodec_dec_remove. Kernel will crash when try to rmmod\nmtk-vcodec-dec.ko.\n\n[ 4380.702726] pc : do_raw_spin_trylock+0x4/0x80\n[ 4380.707075] lr : _raw_spin_lock_irq+0x90/0x14c\n[ 4380.711509] sp : ffff80000819bc10\n[ 4380.714811] x29: ffff80000819bc10 x28: ffff3600c03e4000 x27: 0000000000000000\n[ 4380.721934] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n[ 4380.729057] x23: ffff3600c0f34930 x22: ffffd5e923549000 x21: 0000000000000220\n[ 4380.736179] x20: 0000000000000208 x19: ffffd5e9213e8ebc x18: 0000000000000020\n[ 4380.743298] x17: 0000002000000000 x16: ffffd5e9213e8e90 x15: 696c346f65646976\n[ 4380.750420] x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000040\n[ 4380.757542] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n[ 4380.764664] x8 : 0000000000000000 x7 : ffff3600c7273ae8 x6 : ffffd5e9213e8ebc\n[ 4380.771786] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000\n[ 4380.778908] x2 : 0000000000000000 x1 : ffff3600c03e4000 x0 : 0000000000000208\n[ 4380.786031] Call trace:\n[ 4380.788465] do_raw_spin_trylock+0x4/0x80\n[ 4380.792462] __pm_runtime_disable+0x2c/0x1b0\n[ 4380.796723] mtk_vcodec_dec_remove+0x5c/0xa0 [mtk_vcodec_dec]\n[ 4380.802466] platform_remove+0x2c/0x60\n[ 4380.806204] __device_release_driver+0x194/0x250\n[ 4380.810810] driver_detach+0xc8/0x15c\n[ 4380.814462] bus_remove_driver+0x5c/0xb0\n[ 4380.818375] driver_unregister+0x34/0x64\n[ 4380.822288] platform_driver_unregister+0x18/0x24\n[ 4380.826979] mtk_vcodec_dec_driver_exit+0x1c/0x888 [mtk_vcodec_dec]\n[ 4380.833240] __arm64_sys_delete_module+0x190/0x224\n[ 4380.838020] invoke_syscall+0x48/0x114\n[ 4380.841760] el0_svc_common.constprop.0+0x60/0x11c\n[ 4380.846540] do_el0_svc+0x28/0x90\n[ 4380.849844] el0_svc+0x4c/0x100\n[ 4380.852975] el0t_64_sync_handler+0xec/0xf0\n[ 4380.857148] el0t_64_sync+0x190/0x194\n[ 4380.860801] Code: 94431515 17ffffca d503201f d503245f (b9400004)",
"id": "GHSA-p4v4-q7w4-pw4w",
"modified": "2025-03-17T18:31:51Z",
"published": "2025-03-17T18:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49496"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1fa37b00dc55a061a3eb82e378849862b4aeca9d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c10c0086db688c95bb4e0e378e523818dff1551d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.