CVE-2022-48826

EUVD-2022-53705

16.07.2024, 12:15

In the Linux kernel, the following vulnerability has been resolved:

drm/vc4: Fix deadlock on DSI device attach error

DSI device attach to DSI host will be done with host device's lock
held.

Un-registering host in "device attach" error path (ex: probe retry)
will result in deadlock with below call trace and non operational
DSI display.

Startup Call trace:
[   35.043036]  rt_mutex_slowlock.constprop.21+0x184/0x1b8
[   35.043048]  mutex_lock_nested+0x7c/0xc8
[   35.043060]  device_del+0x4c/0x3e8
[   35.043075]  device_unregister+0x20/0x40
[   35.043082]  mipi_dsi_remove_device_fn+0x18/0x28
[   35.043093]  device_for_each_child+0x68/0xb0
[   35.043105]  mipi_dsi_host_unregister+0x40/0x90
[   35.043115]  vc4_dsi_host_attach+0xf0/0x120 [vc4]
[   35.043199]  mipi_dsi_attach+0x30/0x48
[   35.043209]  tc358762_probe+0x128/0x164 [tc358762]
[   35.043225]  mipi_dsi_drv_probe+0x28/0x38
[   35.043234]  really_probe+0xc0/0x318
[   35.043244]  __driver_probe_device+0x80/0xe8
[   35.043254]  driver_probe_device+0xb8/0x118
[   35.043263]  __device_attach_driver+0x98/0xe8
[   35.043273]  bus_for_each_drv+0x84/0xd8
[   35.043281]  __device_attach+0xf0/0x150
[   35.043290]  device_initial_probe+0x1c/0x28
[   35.043300]  bus_probe_device+0xa4/0xb0
[   35.043308]  deferred_probe_work_func+0xa0/0xe0
[   35.043318]  process_one_work+0x254/0x700
[   35.043330]  worker_thread+0x4c/0x448
[   35.043339]  kthread+0x19c/0x1a8
[   35.043348]  ret_from_fork+0x10/0x20

Shutdown Call trace:
[  365.565417] Call trace:
[  365.565423]  __switch_to+0x148/0x200
[  365.565452]  __schedule+0x340/0x9c8
[  365.565467]  schedule+0x48/0x110
[  365.565479]  schedule_timeout+0x3b0/0x448
[  365.565496]  wait_for_completion+0xac/0x138
[  365.565509]  __flush_work+0x218/0x4e0
[  365.565523]  flush_work+0x1c/0x28
[  365.565536]  wait_for_device_probe+0x68/0x158
[  365.565550]  device_shutdown+0x24/0x348
[  365.565561]  kernel_restart_prepare+0x40/0x50
[  365.565578]  kernel_restart+0x20/0x70
[  365.565591]  __do_sys_reboot+0x10c/0x220
[  365.565605]  __arm64_sys_reboot+0x2c/0x38
[  365.565619]  invoke_syscall+0x4c/0x110
[  365.565634]  el0_svc_common.constprop.3+0xfc/0x120
[  365.565648]  do_el0_svc+0x2c/0x90
[  365.565661]  el0_svc+0x4c/0xf0
[  365.565671]  el0t_64_sync_handler+0x90/0xb8
[  365.565682]  el0t_64_sync+0x180/0x184

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 7%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	𝑥 < 5.15.24
linux	linux_kernel	5.16 ≤ 𝑥 < 5.16.10

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.106-3 fixed
bookworm (security)	6.1.112-1 fixed
bullseye	vulnerable
bullseye (security)	vulnerable
sid	6.11.6-1 fixed
trixie	6.11.5-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

bionic	ignored
focal	needed
jammy	not-affected
noble	not-affected
trusty	ignored
xenial	ignored

linux-allwinner-5.19

focal	dne
jammy	ignored
noble	dne

linux-aws

bionic	ignored
focal	needed
jammy	not-affected
noble	not-affected
trusty	ignored
xenial	ignored

linux-aws-5.0

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-aws-5.11

focal	ignored
jammy	dne
noble	dne

linux-aws-5.13

focal	ignored
jammy	dne
noble	dne

linux-aws-5.15

focal	not-affected
jammy	dne
noble	dne

linux-aws-5.19

focal	dne
jammy	ignored
noble	dne

linux-aws-5.3

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-aws-5.4

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-aws-5.8

focal	ignored
jammy	dne
noble	dne

linux-aws-6.2

focal	dne
jammy	ignored
noble	dne

linux-aws-6.5

focal	dne
jammy	not-affected
noble	dne

linux-aws-fips

focal	dne
jammy	dne
noble	dne

linux-aws-hwe

focal	dne
jammy	dne
noble	dne
xenial	ignored

linux-azure

bionic	ignored
focal	needed
jammy	not-affected
noble	not-affected
trusty	ignored
xenial	ignored

linux-azure-4.15

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-azure-5.11

focal	ignored
jammy	dne
noble	dne

linux-azure-5.13

focal	ignored
jammy	dne
noble	dne

linux-azure-5.15

focal	not-affected
jammy	dne
noble	dne

linux-azure-5.19

focal	dne
jammy	ignored
noble	dne

linux-azure-5.3

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-azure-5.4

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-azure-5.8

focal	ignored
jammy	dne
noble	dne

linux-azure-6.2

focal	dne
jammy	ignored
noble	dne

linux-azure-6.5

focal	dne
jammy	not-affected
noble	dne

linux-azure-edge

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-azure-fde

focal	ignored
jammy	not-affected
noble	dne

linux-azure-fde-5.15

focal	not-affected
jammy	dne
noble	dne

linux-azure-fde-5.19

focal	dne
jammy	ignored
noble	dne

linux-azure-fde-6.2

focal	dne
jammy	ignored
noble	dne

linux-azure-fips

focal	dne
jammy	dne
noble	dne

linux-bluefield

focal	needed
jammy	dne
noble	dne

linux-fips

focal	dne
jammy	dne
noble	dne

linux-gcp

bionic	ignored
focal	needed
jammy	not-affected
noble	not-affected
xenial	ignored

linux-gcp-4.15

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-gcp-5.11

focal	ignored
jammy	dne
noble	dne

linux-gcp-5.13

focal	ignored
jammy	dne
noble	dne

linux-gcp-5.15

focal	not-affected
jammy	dne
noble	dne

linux-gcp-5.19

focal	dne
jammy	ignored
noble	dne

linux-gcp-5.3

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-gcp-5.4

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-gcp-5.8

focal	ignored
jammy	dne
noble	dne

linux-gcp-6.2

focal	dne
jammy	ignored
noble	dne

linux-gcp-6.5

focal	dne
jammy	not-affected
noble	dne

linux-gcp-fips

focal	dne
jammy	dne
noble	dne

linux-gke

focal	ignored
jammy	not-affected
noble	not-affected

linux-gke-4.15

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-gke-5.15

focal	ignored
jammy	dne
noble	dne

linux-gke-5.4

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-gkeop

focal	needed
jammy	not-affected
noble	dne

linux-gkeop-5.15

focal	not-affected
jammy	dne
noble	dne

linux-gkeop-5.4

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-hwe

bionic	ignored
focal	dne
jammy	dne
noble	dne
xenial	ignored

linux-hwe-5.11

focal	ignored
jammy	dne
noble	dne

linux-hwe-5.13

focal	ignored
jammy	dne
noble	dne

linux-hwe-5.15

focal	not-affected
jammy	dne
noble	dne

linux-hwe-5.19

focal	dne
jammy	ignored
noble	dne

linux-hwe-5.4

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-hwe-5.8

focal	ignored
jammy	dne
noble	dne

linux-hwe-6.2

focal	dne
jammy	ignored
noble	dne

linux-hwe-6.5

focal	dne
jammy	ignored
noble	dne

linux-hwe-6.8

bionic	dne
focal	dne
jammy	not-affected
noble	dne
trusty	dne
xenial	dne

linux-hwe-edge

bionic	ignored
focal	dne
jammy	dne
noble	dne
xenial	ignored

linux-ibm

focal	needed
jammy	not-affected
noble	not-affected

linux-ibm-5.15

focal	not-affected
jammy	dne
noble	dne

linux-ibm-5.4

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-intel

focal	dne
jammy	dne
noble	not-affected

linux-intel-5.13

focal	ignored
jammy	dne
noble	dne

linux-intel-iot-realtime

bionic	dne
focal	dne
jammy	dne
noble	dne
trusty	dne
xenial	dne

linux-intel-iotg

focal	dne
jammy	not-affected
noble	dne

linux-intel-iotg-5.15

focal	Fixed 5.15.0-1008.11~20.04.1 released
jammy	dne
noble	dne

linux-iot

focal	needed
jammy	dne
noble	dne

linux-kvm

bionic	ignored
focal	needed
jammy	not-affected
noble	dne
xenial	ignored

linux-lowlatency

focal	dne
jammy	not-affected
noble	not-affected

linux-lowlatency-hwe-5.15

focal	not-affected
jammy	dne
noble	dne

linux-lowlatency-hwe-5.19

focal	dne
jammy	ignored
noble	dne

linux-lowlatency-hwe-6.2

focal	dne
jammy	ignored
noble	dne

linux-lowlatency-hwe-6.5

focal	dne
jammy	ignored
noble	dne

linux-lowlatency-hwe-6.8

bionic	dne
focal	dne
jammy	not-affected
noble	dne
trusty	dne
xenial	dne

linux-lts-xenial

focal	dne
jammy	dne
noble	dne
trusty	ignored

linux-nvidia

focal	dne
jammy	not-affected
noble	not-affected

linux-nvidia-6.2

focal	dne
jammy	ignored
noble	dne

linux-nvidia-6.5

focal	dne
jammy	not-affected
noble	dne

linux-nvidia-6.8

bionic	dne
focal	dne
jammy	not-affected
noble	dne
trusty	dne
xenial	dne

linux-nvidia-lowlatency

bionic	dne
focal	dne
jammy	dne
noble	not-affected
trusty	dne
xenial	dne

linux-oem

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-oem-5.10

focal	ignored
jammy	dne
noble	dne

linux-oem-5.13

focal	ignored
jammy	dne
noble	dne

linux-oem-5.14

focal	ignored
jammy	dne
noble	dne

linux-oem-5.17

focal	dne
jammy	ignored
noble	dne

linux-oem-5.6

focal	ignored
jammy	dne
noble	dne

linux-oem-6.0

focal	dne
jammy	ignored
noble	dne

linux-oem-6.1

focal	dne
jammy	ignored
noble	dne

linux-oem-6.5

focal	dne
jammy	not-affected
noble	dne

linux-oem-6.8

focal	dne
jammy	dne
noble	not-affected

linux-oracle

bionic	ignored
focal	needed
jammy	not-affected
noble	not-affected
xenial	ignored

linux-oracle-5.0

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-oracle-5.11

focal	ignored
jammy	dne
noble	dne

linux-oracle-5.13

focal	ignored
jammy	dne
noble	dne

linux-oracle-5.15

focal	not-affected
jammy	dne
noble	dne

linux-oracle-5.3

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-oracle-5.4

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-oracle-5.8

focal	ignored
jammy	dne
noble	dne

linux-oracle-6.5

focal	dne
jammy	not-affected
noble	dne

linux-raspi

focal	needed
jammy	not-affected
noble	not-affected

linux-raspi-5.4

bionic	ignored
focal	dne
jammy	dne
noble	dne

linux-raspi-realtime

bionic	dne
focal	dne
jammy	dne
noble	dne
trusty	dne
xenial	dne

linux-raspi2

focal	ignored
jammy	dne
noble	dne

linux-realtime

bionic	dne
focal	dne
jammy	ignored
noble	dne
trusty	dne
xenial	dne

linux-riscv

focal	ignored
jammy	ignored
noble	not-affected

linux-riscv-5.11

focal	ignored
jammy	dne
noble	dne

linux-riscv-5.15

focal	not-affected
jammy	dne
noble	dne

linux-riscv-5.19

focal	dne
jammy	ignored
noble	dne

linux-riscv-5.8

focal	ignored
jammy	dne
noble	dne

linux-riscv-6.5

focal	dne
jammy	ignored
noble	dne

linux-riscv-6.8

bionic	dne
focal	dne
jammy	not-affected
noble	dne
trusty	dne
xenial	dne

linux-starfive-5.19

focal	dne
jammy	ignored
noble	dne

linux-starfive-6.2

focal	dne
jammy	ignored
noble	dne

linux-starfive-6.5

focal	dne
jammy	not-affected
noble	dne

linux-xilinx-zynqmp

focal	needed
jammy	not-affected
noble	dne

openSUSE / SLES Releases

openSUSE Product

Release

kernel-64kb

suse enterprise desktop 15 SP5	5.14.21-150500.55.73.1 fixed
suse enterprise sap 15 SP5	5.14.21-150500.55.73.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.128.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.73.1 fixed

kernel-azure

suse enterprise sap 12 SP5	4.12.14-16.194.1 fixed
suse enterprise sap 15 SP5	5.14.21-150500.33.63.1 fixed
suse enterprise server 12 SP5	4.12.14-16.194.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.33.63.1 fixed

kernel-azure-base

suse enterprise sap 12 SP5	4.12.14-16.194.1 fixed
suse enterprise server 12 SP5	4.12.14-16.194.1 fixed

kernel-default

suse enterprise desktop 15 SP5	5.14.21-150500.55.73.1 fixed
suse enterprise sap 12 SP5	4.12.14-122.225.1 fixed
suse enterprise sap 15 SP5	5.14.21-150500.55.73.1 fixed
suse enterprise server 12 SP5	4.12.14-122.225.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.128.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.73.1 fixed

kernel-default-base

suse enterprise desktop 15 SP5	5.14.21-150500.55.73.1.150500.6.33.8 fixed
suse enterprise sap 12 SP5	4.12.14-122.225.1 fixed
suse enterprise sap 15 SP5	5.14.21-150500.55.73.1.150500.6.33.8 fixed
suse enterprise server 12 SP5	4.12.14-122.225.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.128.1.150400.24.62.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.73.1.150500.6.33.8 fixed

kernel-default-man

suse enterprise sap 12 SP5	4.12.14-122.225.1 fixed
suse enterprise server 12 SP5	4.12.14-122.225.1 fixed

kernel-docs

suse enterprise desktop 15 SP5	5.14.21-150500.55.73.2 fixed
suse enterprise sap 15 SP5	5.14.21-150500.55.73.2 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.128.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.73.2 fixed

kernel-macros

suse enterprise desktop 15 SP5	5.14.21-150500.55.73.1 fixed
suse enterprise sap 12 SP5	4.12.14-122.225.1 fixed
suse enterprise sap 15 SP5	5.14.21-150500.55.73.1 fixed
suse enterprise server 12 SP5	4.12.14-122.225.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.128.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.73.1 fixed

kernel-obs-build

suse enterprise desktop 15 SP5	5.14.21-150500.55.73.1 fixed
suse enterprise sap 15 SP5	5.14.21-150500.55.73.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.128.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.73.1 fixed

kernel-source

suse enterprise desktop 15 SP5	5.14.21-150500.55.73.1 fixed
suse enterprise sap 12 SP5	4.12.14-122.225.1 fixed
suse enterprise sap 15 SP5	5.14.21-150500.55.73.1 fixed
suse enterprise server 12 SP5	4.12.14-122.225.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.128.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.73.1 fixed

kernel-source-azure

suse enterprise sap 12 SP5	4.12.14-16.194.1 fixed
suse enterprise sap 15 SP5	5.14.21-150500.33.63.1 fixed
suse enterprise server 12 SP5	4.12.14-16.194.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.33.63.1 fixed

kernel-syms

suse enterprise desktop 15 SP5	5.14.21-150500.55.73.1 fixed
suse enterprise sap 12 SP5	4.12.14-122.225.1 fixed
suse enterprise sap 15 SP5	5.14.21-150500.55.73.1 fixed
suse enterprise server 12 SP5	4.12.14-122.225.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.128.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.73.1 fixed

kernel-syms-azure

suse enterprise sap 12 SP5	4.12.14-16.194.1 fixed
suse enterprise sap 15 SP5	5.14.21-150500.33.63.1 fixed
suse enterprise server 12 SP5	4.12.14-16.194.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.33.63.1 fixed

kernel-zfcpdump

suse enterprise desktop 15 SP5	5.14.21-150500.55.73.1 fixed
suse enterprise sap 15 SP5	5.14.21-150500.55.73.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.128.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.73.1 fixed

reiserfs-kmp-default

suse enterprise server 15 SP4

5.14.21-150400.24.128.1

fixed

Common Weakness Enumeration

CWE-667 - Improper Locking
The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

References

https://git.kernel.org/stable/c/0a3d12ab5097b1d045e693412e6b366b7e82031b

https://git.kernel.org/stable/c/770d1ba9a8201ce9bee0946eb03746449b6f3b80

https://git.kernel.org/stable/c/dddd832f35096fbc5004e3a7e58fb4d2cefb8deb

https://git.kernel.org/stable/c/0a3d12ab5097b1d045e693412e6b366b7e82031b

https://git.kernel.org/stable/c/770d1ba9a8201ce9bee0946eb03746449b6f3b80

https://git.kernel.org/stable/c/dddd832f35096fbc5004e3a7e58fb4d2cefb8deb