CVE-2022-50412
BaseFortify
Publication date: 2025-09-18
Last updated on: 2025-12-12
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 4.15 (inc) to 5.10.234 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.75 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 5.19.17 (exc) |
| linux | linux_kernel | From 6.0 (inc) to 6.0.3 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's DRM bridge driver for the adv7511. The function cec_unregister_adapter() assumes that the underlying adapter operations are still callable, because unregistering the adapter invalidates its physical address. When the adv7511 module is removed, the i2c CEC device is unregistered before the CEC adapter, so the unregistration procedure runs against a device that is already gone and the kernel oopses (crashes) on a null pointer dereference. The fix unregisters the i2c CEC device after the CEC adapter and disables the CEC clock afterwards.
How can this vulnerability impact me?
This vulnerability can cause a kernel crash (kernel oops) when the adv7511 module is removed, potentially leading to system instability or denial of service. It affects the reliability of the system by causing unexpected kernel errors during device removal operations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by observing kernel oops or crash logs related to the adv7511 module, specifically errors indicating issues in cec_unregister_adapter() such as 'Unable to handle kernel execution of user memory at virtual address 0000000000000000' and related call traces involving adv7511 and cec functions. You can check the kernel logs using commands like 'dmesg | grep adv7511' or 'journalctl -k | grep adv7511' to identify such errors.
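The two checks described above (affected version range and oops signature), written out as an added example that is not code from BaseFortify or the kernel project. The function names, the 40-line window and the sample log are assumptions made for illustration; on a live system feed it 'journalctl -k' output and the version reported by 'uname -r'.

```shell
# Added example, not BaseFortify or kernel.org code. Function names, the
# 40-line window and the sample log are assumptions made for illustration.

# version_affected VERSION: exit 0 if the upstream version lies inside one of
# the [start, fixed) ranges in the affected-products table on this page.
# Distro kernels can carry the fix under an older number; confirm with the vendor.
version_affected() {
    printf '%s\n' "$1" | awk '
    function cmp(a, b,    x, y, i) {       # compare major.minor.patch numerically
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) return -1
            if (x[i] + 0 > y[i] + 0) return 1
        }
        return 0
    }
    {
        v = $0; sub(/[^0-9.].*$/, "", v)   # drop suffixes such as "-rc1"
        n = split("4.15:5.10.234 5.11:5.15.75 5.16:5.19.17 6.0:6.0.3", r, " ")
        for (k = 1; k <= n; k++) {
            split(r[k], b, ":")
            if (cmp(v, b[1]) >= 0 && cmp(v, b[2]) < 0) hit = 1
        }
    }
    END { exit !hit }'
}

# oops_signature < LOG: exit 0 if the fault line quoted on this page is
# followed within 40 lines by both an adv7511 and a cec_ frame. A plain
# "grep adv7511" also matches ordinary driver messages.
oops_signature() {
    awk '
    /Unable to handle kernel execution of user memory at virtual address 0000000000000000/ {
        left = 40; adv = 0; cec = 0; next
    }
    left > 0 {
        left--
        if ($0 ~ /adv7511/) adv = 1
        if ($0 ~ /cec_/) cec = 1
        if (adv && cec) hit = 1
    }
    END { exit !hit }'
}

# Constructed sample log, not captured from a real system.
SAMPLE_LOG='[   10.1] adv7511 1-0039: probed
[  512.3] Unable to handle kernel execution of user memory at virtual address 0000000000000000
[  512.3]  cec_unregister_adapter+0x0/0x0 [cec]
[  512.3]  adv7511_remove+0x0/0x0 [adv7511]'
printf '%s\n' "$SAMPLE_LOG" | oops_signature && echo "sample log: oops signature present"
```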
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, the driver must unregister the i2c_cec device only after the CEC adapter has been unregistered, and disable the CEC clock after unregistering the i2c_cec device. This prevents the kernel oops caused by invalid physical address handling during module removal. The affected ranges listed above end at 5.10.234, 5.15.75, 5.19.17 and 6.0.3, so kernels at those versions or later in each series fall outside them.