CVE-2022-50287

15.09.2025, 15:15

In the Linux kernel, the following vulnerability has been resolved:

drm/i915/bios: fix a memory leak in generate_lfp_data_ptrs

When (size != 0 || ptrs->lvds_ entries != 3), the program tries to
free() the ptrs. However, the ptrs is not created by calling kzmalloc(),
but is obtained by pointer offset operation.
This may lead to memory leaks or undefined behavior.

Fix this by replacing the arguments of kfree() with ptrs_block.

(cherry picked from commit 7674cd0b7d28b952151c3df26bbfa7e07eb2b4ec)

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
bullseye (security)	5.10.237-1 fixed
bookworm	6.1.148-1 fixed
bookworm (security)	6.1.147-1 fixed
trixie	6.12.43-1 fixed
trixie (security)	6.12.41-1 fixed
forky	6.16.3-1 fixed
sid	6.16.7-1 fixed

References

https://git.kernel.org/stable/c/1382901f75a5a7dc8eac05059fd0c7816def4eae

https://git.kernel.org/stable/c/4758d04014cfe6cdb6e9b4738d1d6728487bbb3a

https://git.kernel.org/stable/c/7c852e8f93f04e57c1e3883caa72542469c6c4c4