CVE-2022-50412

EUVD-2025-29879
In the Linux kernel, the following vulnerability has been resolved:

drm: bridge: adv7511: unregister cec i2c device after cec adapter

cec_unregister_adapter() assumes that the underlying adapter ops are
callable. For example, if the CEC adapter currently has a valid physical
address, then the unregistration procedure will invalidate the physical
address by setting it to f.f.f.f. Whence the following kernel oops
observed after removing the adv7511 module:

    Unable to handle kernel execution of user memory at virtual address 0000000000000000
    Internal error: Oops: 86000004 [#1] PREEMPT_RT SMP
    Call trace:
     0x0
     adv7511_cec_adap_log_addr+0x1ac/0x1c8 [adv7511]
     cec_adap_unconfigure+0x44/0x90 [cec]
     __cec_s_phys_addr.part.0+0x68/0x230 [cec]
     __cec_s_phys_addr+0x40/0x50 [cec]
     cec_unregister_adapter+0xb4/0x118 [cec]
     adv7511_remove+0x60/0x90 [adv7511]
     i2c_device_remove+0x34/0xe0
     device_release_driver_internal+0x114/0x1f0
     driver_detach+0x54/0xe0
     bus_remove_driver+0x60/0xd8
     driver_unregister+0x34/0x60
     i2c_del_driver+0x2c/0x68
     adv7511_exit+0x1c/0x67c [adv7511]
     __arm64_sys_delete_module+0x154/0x288
     invoke_syscall+0x48/0x100
     el0_svc_common.constprop.0+0x48/0xe8
     do_el0_svc+0x28/0x88
     el0_svc+0x1c/0x50
     el0t_64_sync_handler+0xa8/0xb0
     el0t_64_sync+0x15c/0x160
    Code: bad PC value
    ---[ end trace 0000000000000000 ]---

Protect against this scenario by unregistering i2c_cec after
unregistering the CEC adapter. Duly disable the CEC clock afterwards
too.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
4.15 ≤
𝑥
< 5.10.234
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.75
linuxlinux_kernel
5.16 ≤
𝑥
< 5.19.17
linuxlinux_kernel
6.0 ≤
𝑥
< 6.0.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.147-1
fixed
bullseye
vulnerable
bullseye (security)
5.10.237-1
fixed
forky
6.16.7-1
fixed
sid
6.16.7-1
fixed
trixie
6.12.43-1
fixed
trixie (security)
6.12.41-1
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
cluster-md-kmp-default
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
dlm-kmp-default
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
gfs2-kmp-default
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
kernel-64kb
suse enterprise server 15 SP3
5.3.18-150300.59.221.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
kernel-default
suse enterprise server 15 SP3
5.3.18-150300.59.221.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
kernel-default-base
suse enterprise server 15 SP3
5.3.18-150300.59.221.1.150300.18.132.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1.150500.6.59.1
fixed
kernel-docs
suse enterprise server 15 SP3
5.3.18-150300.59.221.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
kernel-macros
suse enterprise server 15 SP3
5.3.18-150300.59.221.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
kernel-obs-build
suse enterprise server 15 SP3
5.3.18-150300.59.221.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
kernel-preempt
suse enterprise server 15 SP3
5.3.18-150300.59.221.1
fixed
kernel-source
suse enterprise server 15 SP3
5.3.18-150300.59.221.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
kernel-syms
suse enterprise server 15 SP3
5.3.18-150300.59.221.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
kernel-zfcpdump
suse enterprise server 15 SP3
5.3.18-150300.59.221.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
ocfs2-kmp-default
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
reiserfs-kmp-default
suse enterprise server 15 SP3
5.3.18-150300.59.221.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.55.124.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
bpftool
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:7.2.0-362.8.1.el9_3
fixed
kernel
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k-core
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k-debug
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k-debug-core
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k-debug-devel
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k-debug-devel-matched
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k-debug-modules
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k-debug-modules-core
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k-debug-modules-extra
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k-devel
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k-devel-matched
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k-modules
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k-modules-core
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-64k-modules-extra
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-abi-stablelists
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-core
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-debug
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-debug-core
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-debug-devel
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-debug-devel-matched
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-debug-modules
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-debug-modules-core
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-debug-modules-extra
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-debug-uki-virt
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-devel
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-devel-matched
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-doc
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-modules
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-modules-core
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-modules-extra
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt-core
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt-debug
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt-debug-core
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt-debug-devel
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt-debug-kvm
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt-debug-modules
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt-debug-modules-core
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt-debug-modules-extra
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt-devel
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt-kvm
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt-modules
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt-modules-core
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-rt-modules-extra
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-tools
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-tools-libs
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-tools-libs-devel
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-uki-virt
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-zfcpdump
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-zfcpdump-core
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-zfcpdump-devel
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-zfcpdump-devel-matched
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-zfcpdump-modules
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-zfcpdump-modules-core
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
kernel-zfcpdump-modules-extra
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
libperf
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
perf
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
python3-perf
RHEL 8
0:4.18.0-513.5.1.el8_9
fixed
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
rtla
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
rv
RHEL 9
0:5.14.0-362.8.1.el9_3
fixed
References
https://git.kernel.org/stable/c/3747465c5da7a11957a34bbb9485d9fc253b91cc
https://git.kernel.org/stable/c/40cdb02cb9f965732eb543d47f15bef8d10f0f5f
https://git.kernel.org/stable/c/4d4d5bc659206b187263190ad9a03513f625659d
https://git.kernel.org/stable/c/86ae5170786aea3e1751123ca55700fb9b37b623
https://git.kernel.org/stable/c/f369fb4deed7ab997cfa703dc85ec08b3adc1af8