ghsa-pp7m-7xwh-j3h9
Vulnerability from github
Published
2025-09-17 15:30
Modified
2025-09-17 15:30
Details

In the Linux kernel, the following vulnerability has been resolved:

media: cx88: Fix a null-ptr-deref bug in buffer_prepare()

When the driver calls cx88_risc_buffer() to prepare the buffer, the function call may fail, resulting in a empty buffer and null-ptr-deref later in buffer_queue().

The following log can reveal it:

[ 41.822762] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI [ 41.824488] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 41.828027] RIP: 0010:buffer_queue+0xc2/0x500 [ 41.836311] Call Trace: [ 41.836945] __enqueue_in_driver+0x141/0x360 [ 41.837262] vb2_start_streaming+0x62/0x4a0 [ 41.838216] vb2_core_streamon+0x1da/0x2c0 [ 41.838516] __vb2_init_fileio+0x981/0xbc0 [ 41.839141] __vb2_perform_fileio+0xbf9/0x1120 [ 41.840072] vb2_fop_read+0x20e/0x400 [ 41.840346] v4l2_read+0x215/0x290 [ 41.840603] vfs_read+0x162/0x4c0

Fix this by checking the return value of cx88_risc_buffer()

[hverkuil: fix coding style issues]

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2022-50359"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-17T15:15:34Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx88: Fix a null-ptr-deref bug in buffer_prepare()\n\nWhen the driver calls cx88_risc_buffer() to prepare the buffer, the\nfunction call may fail, resulting in a empty buffer and null-ptr-deref\nlater in buffer_queue().\n\nThe following log can reveal it:\n\n[   41.822762] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI\n[   41.824488] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n[   41.828027] RIP: 0010:buffer_queue+0xc2/0x500\n[   41.836311] Call Trace:\n[   41.836945]  __enqueue_in_driver+0x141/0x360\n[   41.837262]  vb2_start_streaming+0x62/0x4a0\n[   41.838216]  vb2_core_streamon+0x1da/0x2c0\n[   41.838516]  __vb2_init_fileio+0x981/0xbc0\n[   41.839141]  __vb2_perform_fileio+0xbf9/0x1120\n[   41.840072]  vb2_fop_read+0x20e/0x400\n[   41.840346]  v4l2_read+0x215/0x290\n[   41.840603]  vfs_read+0x162/0x4c0\n\nFix this by checking the return value of cx88_risc_buffer()\n\n[hverkuil: fix coding style issues]",
  "id": "GHSA-pp7m-7xwh-j3h9",
  "modified": "2025-09-17T15:30:38Z",
  "published": "2025-09-17T15:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50359"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/10c99d1c46ea9cd940029e17bab11d021f315c21"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2b064d91440b33fba5b452f2d1b31f13ae911d71"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4befc7ffa18ef9a4b70d854465313a345a06862f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/644d5a87ab1863eb606526ea743021752a17e9cb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6f21976095c1e92454ab030976f95f40d652351b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/704838040f3bdb4aa07ff4f26505a666a3defcfe"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9181af2dbf06e7f432e5dbe88d10b22343e851b9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c2257c8a501537afab276c306cb717b7260276e1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c76d04d2079a4b7369ce9a0e859c0f3f2250bcc1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.