CVE-2022-49491

In the Linux kernel, the following vulnerability has been resolved:

drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()

It will cause null-ptr-deref in resource_size(), if platform_get_resource()
returns NULL, move calling resource_size() after devm_ioremap_resource() that
will check 'res' to avoid null-ptr-deref.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
VendorProductVersion
linuxlinux_kernel
3.19 ≤
𝑥
< 4.9.318
linuxlinux_kernel
4.10 ≤
𝑥
< 4.14.283
linuxlinux_kernel
4.15 ≤
𝑥
< 4.19.247
linuxlinux_kernel
4.20 ≤
𝑥
< 5.4.198
linuxlinux_kernel
5.5 ≤
𝑥
< 5.10.121
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.46
linuxlinux_kernel
5.16 ≤
𝑥
< 5.17.14
linuxlinux_kernel
5.18 ≤
𝑥
< 5.18.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.234-1
fixed
bookworm
6.1.123-1
fixed
bookworm (security)
6.1.128-1
fixed
trixie
6.12.12-1
fixed
sid
6.12.16-1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/3451852312303d54a003c73bd0ae39cebb960bd5
https://git.kernel.org/stable/c/452922955df215a417c80d09dab72bbc667a1861
https://git.kernel.org/stable/c/6ff986e057bf28e2f7690dad410768b2270f9453
https://git.kernel.org/stable/c/769c53bb6116d0eaec0f1fe4ec4b27a74465cad1
https://git.kernel.org/stable/c/a9b4599665e437de8a1152799c34841b799a2e1c
https://git.kernel.org/stable/c/b54926bd558d97c888c3d2d87886f3c159d3254a
https://git.kernel.org/stable/c/ecfa52654d0c9c333c1fe1611f47105f6bce9591
https://git.kernel.org/stable/c/f8c242908ad15bbd604d3bcb54961b7d454c43f8
https://git.kernel.org/stable/c/fcd6a886443730c39170b8383411e52118aec0a3