CVE-2022-50360
BaseFortify
Publication date: 2025-09-17
Last updated on: 2025-12-10
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.19 (inc) to 6.0.7 (exc) |
| linux | linux_kernel | 6.1 |
| linux | linux_kernel | 6.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel relates to the drm/msm/dp component where device-managed resources allocated after component binding are not properly tied to the lifetime of the aggregate DRM device. As a result, these resources may not be released correctly if the binding of the aggregate device is deferred. This can cause resource leaks or failures when the system attempts to bind the device again and allocate resources a second time. Specifically, for the DP aux-bus, a second attempt to populate the bus fails with an error indicating the device is already populated. The fix involves tying the lifetime of the EP device to the DRM device instead of the DP controller platform device to ensure proper resource management.
How can this vulnerability impact me? :
This vulnerability can lead to resource leaks in the system or failure to bind the aggregate DRM device when binding is retried. This means that the device may not function correctly or may fail to initialize properly, potentially causing system instability or degraded performance related to display or graphics functionality that relies on the DRM subsystem.