
CVE-2022-49221: Vulnerability in Linux Linux

Medium
Published: Wed Feb 26 2025 (02/26/2025, 01:55:53 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/msm/dp: populate connector of struct dp_panel

DP CTS test case 4.2.2.6 has valid edid with bad checksum on purpose and expects DP source to return correct checksum. During drm edid read, correct edid checksum is calculated and stored at connector::real_edid_checksum.

The problem is struct dp_panel::connector is never assigned, instead the connector is stored in struct msm_dp::connector. When we run compliance testing test case 4.2.2.6 dp_panel_handle_sink_request() won't have a valid edid set in struct dp_panel::edid so we'll try to use the connectors real_edid_checksum and hit a NULL pointer dereference error because the connector pointer is never assigned.

Changes in V2:
-- populate panel connector at msm_dp_modeset_init() instead of at dp_panel_read_sink_caps()

Changes in V3:
-- remove unhelpful kernel crash trace commit text
-- remove renaming dp_display parameter to dp

Changes in V4:
-- add more details to commit text

Changes in v10:
-- group into one series

Changes in v11:
-- drop drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read

Signed-off-by: Kuogee Hsieh <quic_khsieh@quicinc.com>

AI-Powered Analysis

Last updated: 06/28/2025, 00:26:46 UTC

Technical Analysis

CVE-2022-49221 is a vulnerability in the Linux kernel's Direct Rendering Manager (DRM) subsystem, specifically in the msm (Qualcomm Snapdragon) DisplayPort (dp) driver. It stems from the connector pointer in struct dp_panel never being populated. DisplayPort Compliance Test Specification (CTS) test case 4.2.2.6 deliberately presents an EDID (Extended Display Identification Data) with a bad checksum and expects the DP source to return the correct checksum. During the DRM EDID read, the correct checksum is calculated and stored in connector::real_edid_checksum. The driver, however, stores the connector only in struct msm_dp and never assigns dp_panel::connector.

Consequently, when dp_panel_handle_sink_request() runs during this test, no valid EDID is set in dp_panel::edid, so it falls back to the connector's real_edid_checksum through the unassigned dp_panel::connector pointer, causing a NULL pointer dereference and a kernel crash. This is a classic NULL pointer dereference bug whose effect is denial of service (DoS) via kernel panic or crash. The patch series went through multiple versions; the fix populates the panel connector in msm_dp_modeset_init(), which prevents the dereference.

The vulnerability affects the Linux kernel versions that contain the msm_dp driver code with this faulty logic. There are no known exploits in the wild, and no CVSS score has been assigned yet. Triggering it requires the system to process a malicious or malformed EDID during DisplayPort sink capability reading, which may happen with a connected malicious or compromised DisplayPort device or during compliance testing.
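The failure path and the fix described above, as a user-space C model added here for illustration; it is not the msm driver's source. The struct and field names follow the advisory text, while the model_ prefix, run_case(), the fixed flag, the NULL guard and the EDID bytes are constructed for the example.

```c
/* User-space model of the bug described above; not the kernel driver's code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define EDID_LEN 128

struct connector { uint8_t real_edid_checksum; };
struct dp_panel  { const uint8_t *edid; struct connector *connector; };
struct msm_dp    { struct connector *connector; struct dp_panel *panel; };

/* Checksum byte that makes the 128 bytes of an EDID block sum to 0 mod 256. */
static uint8_t edid_real_checksum(const uint8_t *blk) {
    uint8_t sum = 0;
    for (size_t i = 0; i < EDID_LEN - 1; i++) sum += blk[i];
    return (uint8_t)(0x100 - sum);
}
/* Modeset init: `fixed` (hypothetical flag) selects the patched behaviour. */
static void model_modeset_init(struct msm_dp *dp, struct connector *c, int fixed) {
    dp->connector = c;                    /* always stored here */
    if (fixed) dp->panel->connector = c;  /* the assignment the fix adds */
}
/* EDID read: a block with a bad checksum leaves panel->edid unset, but the
 * correct checksum is still recorded on the connector. */
static void model_edid_read(struct msm_dp *dp, const uint8_t *blk) {
    uint8_t real = edid_real_checksum(blk);
    dp->connector->real_edid_checksum = real;
    dp->panel->edid = (blk[EDID_LEN - 1] == real) ? blk : NULL;
}
/* Sink request: returns -1 at the point where the unpatched path would
 * dereference the NULL panel connector (guard added for this model). */
static int model_handle_sink_request(const struct dp_panel *p, uint8_t *out) {
    if (p->edid) { *out = p->edid[EDID_LEN - 1]; return 0; }
    if (!p->connector) return -1;
    *out = p->connector->real_edid_checksum;
    return 0;
}
/* Constructed input: EDID header, zero body, deliberately wrong checksum. */
static int run_case(int fixed, uint8_t *out) {
    uint8_t blk[EDID_LEN] = {0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x00};
    struct connector c = {0};
    struct dp_panel p = {0};
    struct msm_dp dp = { .connector = NULL, .panel = &p };
    blk[EDID_LEN - 1] = 0x55;
    model_modeset_init(&dp, &c, fixed);
    model_edid_read(&dp, blk);
    return model_handle_sink_request(&p, out);
}
int main(void) {
    uint8_t v = 0;
    int before = run_case(0, &v), after = run_case(1, &v);
    printf("unpatched=%d patched=%d checksum=0x%02X\n", before, after, v);
    return 0;
}
```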

Potential Impact

For European organizations, the primary impact of CVE-2022-49221 is the potential for local or remote denial of service on Linux systems running affected kernel versions with Qualcomm MSM DisplayPort drivers. This could lead to unexpected kernel crashes, causing system instability or downtime. Organizations relying on Linux-based embedded systems, mobile devices, or specialized hardware using Qualcomm Snapdragon chipsets with DisplayPort functionality are at risk. The vulnerability could be exploited by connecting a malicious DisplayPort device or through crafted EDID data, potentially disrupting critical services or user operations. While the vulnerability does not appear to allow privilege escalation or arbitrary code execution, the resulting kernel panic could impact availability of systems, particularly in environments where uptime is critical such as industrial control, telecommunications, or network infrastructure. Given the lack of known exploits, the immediate risk is moderate, but organizations should consider the impact on service continuity and system reliability. The vulnerability is less likely to affect standard desktop or server Linux installations unless they use the affected msm_dp driver, which is more common in mobile or embedded platforms.

Mitigation Recommendations

To mitigate CVE-2022-49221, European organizations should:

1) Identify and inventory Linux systems running affected kernel versions with Qualcomm MSM DisplayPort drivers, particularly embedded or mobile devices.
2) Apply the latest Linux kernel patches that address this vulnerability, ensuring the msm_dp driver is updated to versions where the connector pointer is correctly assigned during msm_dp_modeset_init().
3) If immediate patching is not possible, consider disabling DisplayPort functionality on affected devices or restricting physical access to DisplayPort interfaces to prevent connection of malicious devices.
4) Implement monitoring for kernel crashes or unusual system reboots that could indicate exploitation attempts.
5) For environments using compliance testing or automated EDID processing, validate input data rigorously to avoid triggering the vulnerability.
6) Coordinate with hardware vendors and Linux distribution maintainers to receive timely updates and advisories.
7) Incorporate this vulnerability into risk assessments for embedded and mobile Linux platforms and plan for controlled patch deployment to minimize operational disruption.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T01:49:39.292Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9820c4522896dcbdd622

Added to database: 5/21/2025, 9:08:48 AM

Last enriched: 6/28/2025, 12:26:46 AM

Last updated: 8/12/2025, 3:53:50 AM
