SB20250226702 - Resource management error in Linux kernel drm mediatek driver
Published: February 26, 2025 Updated: May 11, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2022-49506)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mtk_drm_cmdq_pkt_destroy(), mtk_drm_crtc_destroy(), mtk_drm_crtc_enable_vblank() and mtk_drm_crtc_create() functions in drivers/gpu/drm/mediatek/mtk_drm_crtc.c, within the rdma_update_bits() function in drivers/gpu/drm/mediatek/mtk_disp_rdma.c, within the mtk_disp_ovl_irq_handler() and mtk_ovl_disable_vblank() functions in drivers/gpu/drm/mediatek/mtk_disp_ovl.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/3a4027b5971fe2a94e32754f007d9d3c12c68ad1
- https://git.kernel.org/stable/c/8a265d9838bc3c63579002d55c2b2c655c4f8f26
- https://git.kernel.org/stable/c/8a2dbdeccef6de47565638abdf3c25f41cdffc37
- https://git.kernel.org/stable/c/b74d921b900b6ce38c6247c0a1c86be9f3746493
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.54
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.14
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19