CVE-2022-49458: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

drm/msm: don't free the IRQ if it was not requested

As msm_drm_uninit() is called from the msm_drm_init() error path, additional care should be necessary as not to call the free_irq() for the IRQ that was not requested before (because an error occurred earlier than the request_irq() call).

This fixed the issue reported with the following backtrace:

[ 8.571329] Trying to free already-free IRQ 187
[ 8.571339] WARNING: CPU: 0 PID: 76 at kernel/irq/manage.c:1895 free_irq+0x1e0/0x35c
[ 8.588746] Modules linked in: pmic_glink pdr_interface fastrpc qrtr_smd snd_soc_hdmi_codec msm fsa4480 gpu_sched drm_dp_aux_bus qrtr i2c_qcom_geni crct10dif_ce qcom_stats qcom_q6v5_pas drm_display_helper gpi qcom_pil_info drm_kms_helper qcom_q6v5 qcom_sysmon qcom_common qcom_glink_smem qcom_rng mdt_loader qmi_helpers phy_qcom_qmp ufs_qcom typec qnoc_sm8350 socinfo rmtfs_mem fuse drm ipv6
[ 8.624154] CPU: 0 PID: 76 Comm: kworker/u16:2 Not tainted 5.18.0-rc5-next-20220506-00033-g6cee8cab6089-dirty #419
[ 8.624161] Hardware name: Qualcomm Technologies, Inc. SM8350 HDK (DT)
[ 8.641496] Workqueue: events_unbound deferred_probe_work_func
[ 8.647510] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 8.654681] pc : free_irq+0x1e0/0x35c
[ 8.658454] lr : free_irq+0x1e0/0x35c
[ 8.662228] sp : ffff800008ab3950
[ 8.665642] x29: ffff800008ab3950 x28: 0000000000000000 x27: ffff16350f56a700
[ 8.672994] x26: ffff1635025df080 x25: ffff16350251badc x24: ffff16350251bb90
[ 8.680343] x23: 0000000000000000 x22: 00000000000000bb x21: ffff16350e8f9800
[ 8.687690] x20: ffff16350251ba00 x19: ffff16350cbd5880 x18: ffffffffffffffff
[ 8.695039] x17: 0000000000000000 x16: ffffa2dd12179434 x15: ffffa2dd1431d02d
[ 8.702391] x14: 0000000000000000 x13: ffffa2dd1431d028 x12: 662d79646165726c
[ 8.709740] x11: ffffa2dd13fd2438 x10: 000000000000000a x9 : 00000000000000bb
[ 8.717111] x8 : ffffa2dd13fd23f0 x7 : ffff800008ab3750 x6 : 00000000fffff202
[ 8.724487] x5 : ffff16377e870a18 x4 : 00000000fffff202 x3 : ffff735a6ae1b000
[ 8.731851] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff1635015f8000
[ 8.739217] Call trace:
[ 8.741755] free_irq+0x1e0/0x35c
[ 8.745198] msm_drm_uninit.isra.0+0x14c/0x294 [msm]
[ 8.750548] msm_drm_bind+0x28c/0x5d0 [msm]
[ 8.755081] try_to_bring_up_aggregate_device+0x164/0x1d0
[ 8.760657] __component_add+0xa0/0x170
[ 8.764626] component_add+0x14/0x20
[ 8.768337] dp_display_probe+0x2a4/0x464 [msm]
[ 8.773242] platform_probe+0x68/0xe0
[ 8.777043] really_probe.part.0+0x9c/0x28c
[ 8.781368] __driver_probe_device+0x98/0x144
[ 8.785871] driver_probe_device+0x40/0x140
[ 8.790191] __device_attach_driver+0xb4/0x120
[ 8.794788] bus_for_each_drv+0x78/0xd0
[ 8.798751] __device_attach+0xdc/0x184
[ 8.802713] device_initial_probe+0x14/0x20
[ 8.807031] bus_probe_device+0x9c/0xa4
[ 8.810991] deferred_probe_work_func+0x88/0xc0
[ 8.815667] process_one_work+0x1d0/0x320
[ 8.819809] worker_thread+0x14c/0x444
[ 8.823688] kthread+0x10c/0x110
[ 8.827036] ret_from_fork+0x10/0x20

Patchwork: https://patchwork.freedesktop.org/patch/485422/
AI Analysis
Technical Summary
CVE-2022-49458 is a vulnerability in the Linux kernel, specifically within the Direct Rendering Manager (DRM) subsystem for Qualcomm's MSM (Mobile Station Modem) platform. The flaw arises from improper handling of interrupt requests (IRQs) on error paths in the msm_drm driver. When msm_drm_init() encounters an error before it has requested an IRQ via request_irq(), the subsequent call to msm_drm_uninit() still calls free_irq() for an IRQ that was never requested. The kernel's IRQ management code reports this as an attempt to free an already-free IRQ, which triggers a kernel warning and can lead to instability or kernel crashes. The backtrace in the description shows free_irq() being reached for IRQ 187 from msm_drm_uninit() via msm_drm_bind(), raising the warning at kernel/irq/manage.c:1895. The root cause is error-handling logic that calls free_irq() without verifying that the IRQ was successfully requested.

This vulnerability affects Linux kernel versions containing the msm_drm driver for Qualcomm hardware, particularly the SM8350 platform, which is used in certain Qualcomm Snapdragon chipsets. Although no known exploits are currently reported in the wild, the flaw can cause denial of service (DoS) conditions by crashing or destabilizing the kernel, potentially impacting system availability. The patch adds checks so that free_irq() is called only if the IRQ was successfully requested, which prevents freeing an IRQ that was never requested. The vulnerability is specific to the DRM driver on Qualcomm MSM platforms within Linux kernels, and it requires kernel-level access to trigger.
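The error path described above, as an added userspace C model (not the kernel patch and not the driver's code). The names model_request_irq(), model_free_irq(), struct model_kms, its irq_requested flag and the guarded switch are assumptions made for illustration; the model runs the shared teardown after an init failure with and without a check that the IRQ was requested.

```c
#include <stdbool.h>
#include <stdio.h>
/* Userspace model, constructed for illustration (not kernel code). */
#define MODEL_NR_IRQS 256
static bool irq_has_action[MODEL_NR_IRQS]; /* lines with a handler installed */
static int irq_warnings;                   /* "already-free" warnings raised */

static int model_request_irq(unsigned int irq)
{
    if (irq >= MODEL_NR_IRQS || irq_has_action[irq])
        return -1;
    irq_has_action[irq] = true;
    return 0;
}

static void model_free_irq(unsigned int irq)
{
    if (irq < MODEL_NR_IRQS && irq_has_action[irq])
        irq_has_action[irq] = false;
    else
        irq_warnings++;   /* the real IRQ core emits a WARNING here */
}

struct model_kms { unsigned int irq; bool irq_requested; };

/* Shared teardown: used by normal unbind and by the init error path. */
static void model_uninit(struct model_kms *kms, bool guarded)
{
    if (!guarded || kms->irq_requested)   /* guarded == fixed behaviour */
        model_free_irq(kms->irq);
    kms->irq_requested = false;
}

/* One init attempt followed by teardown; returns the warnings it raised.
 * fail_early models an init step failing before request_irq() is reached. */
static int model_run(bool fail_early, bool guarded)
{
    struct model_kms kms = { .irq = 187, .irq_requested = false };
    int before = irq_warnings;
    if (!fail_early && model_request_irq(kms.irq) == 0)
        kms.irq_requested = true;
    model_uninit(&kms, guarded);          /* error path or normal teardown */
    return irq_warnings - before;
}

int main(void)
{
    printf("unguarded, early failure: %d\n", model_run(true, false));
    printf("guarded, early failure:   %d\n", model_run(true, true));
    printf("guarded, success path:    %d\n", model_run(false, true));
    return 0;
}
```

Only the unguarded teardown after an early failure raises the warning; the guarded variant stays silent on both the failure and the success path.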
Potential Impact
For European organizations, the primary impact of CVE-2022-49458 lies in potential system instability or denial of service on devices running affected Linux kernels with Qualcomm MSM DRM drivers. This is particularly relevant for organizations deploying embedded systems, mobile devices, or specialized hardware using Qualcomm Snapdragon chipsets with Linux-based operating systems. The vulnerability could cause unexpected kernel crashes, leading to downtime or service interruptions. While it does not directly lead to privilege escalation or data breaches, the resulting DoS could disrupt critical services, especially in telecommunications, industrial control systems, or IoT deployments that rely on Qualcomm hardware. Given the widespread use of Linux in servers, desktops, and embedded devices, any affected systems in European enterprises or service providers could experience reliability issues until patched. However, the impact is limited to systems using the specific MSM DRM driver and Qualcomm hardware, so general Linux server infrastructure without this hardware is unaffected. No known active exploitation reduces immediate risk, but unpatched systems remain vulnerable to accidental crashes or targeted DoS attempts.
Mitigation Recommendations
European organizations should prioritize updating Linux kernels to versions that include the fix for CVE-2022-49458. Specifically, they should apply patches that add proper checks before calling free_irq() in the msm_drm driver error paths. For embedded and mobile devices using Qualcomm MSM platforms, firmware and kernel updates from device vendors or Qualcomm should be deployed promptly. System administrators should audit their device inventory to identify hardware using affected Qualcomm chipsets and verify kernel versions. In environments where immediate patching is not feasible, monitoring kernel logs for IRQ free warnings can help detect attempts to trigger this issue. Additionally, implementing kernel crash dump and recovery mechanisms can reduce downtime caused by potential crashes. For critical infrastructure, consider isolating affected devices or limiting exposure to untrusted inputs that might trigger the error path. Collaboration with hardware vendors to ensure timely firmware and driver updates is also recommended. Finally, maintain robust backup and recovery procedures to mitigate service disruption risks.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-26T02:08:31.574Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982ec4522896dcbe5abb
Added to database: 5/21/2025, 9:09:02 AM
Last enriched: 6/30/2025, 7:39:39 AM
Last updated: 7/31/2025, 12:25:12 PM