{"id":"AZL-70765","summary":"CVE-2022-50256 affecting package kernel 5.15.200.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/meson: remove drm bridges at aggregate driver unbind time\n\ndrm bridges added by meson_encoder_hdmi_init and meson_encoder_cvbs_init\nwere not manually removed at module unload time, which caused dangling\nreferences to freed memory to remain linked in the global bridge_list.\n\nWhen loading the driver modules back in, the same functions would again\ncall drm_bridge_add, and when traversing the global bridge_list, would\nend up peeking into freed memory.\n\nOnce again KASAN revealed the problem:\n\n[  +0.000095] =============================================================\n[  +0.000008] BUG: KASAN: use-after-free in __list_add_valid+0x9c/0x120\n[  +0.000018] Read of size 8 at addr ffff00003da291f0 by task modprobe/2483\n\n[  +0.000018] CPU: 3 PID: 2483 Comm: modprobe Tainted: G         C O      5.19.0-rc6-lrmbkasan+ #1\n[  +0.000011] Hardware name: Hardkernel ODROID-N2Plus (DT)\n[  +0.000008] Call trace:\n[  +0.000006]  dump_backtrace+0x1ec/0x280\n[  +0.000012]  show_stack+0x24/0x80\n[  +0.000008]  dump_stack_lvl+0x98/0xd4\n[  +0.000011]  print_address_description.constprop.0+0x80/0x520\n[  +0.000011]  print_report+0x128/0x260\n[  +0.000008]  kasan_report+0xb8/0xfc\n[  +0.000008]  __asan_report_load8_noabort+0x3c/0x50\n[  +0.000009]  __list_add_valid+0x9c/0x120\n[  +0.000009]  drm_bridge_add+0x6c/0x104 [drm]\n[  +0.000165]  dw_hdmi_probe+0x1900/0x2360 [dw_hdmi]\n[  +0.000022]  meson_dw_hdmi_bind+0x520/0x814 [meson_dw_hdmi]\n[  +0.000014]  component_bind+0x174/0x520\n[  +0.000012]  component_bind_all+0x1a8/0x38c\n[  +0.000010]  meson_drv_bind_master+0x5e8/0xb74 [meson_drm]\n[  +0.000032]  meson_drv_bind+0x20/0x2c [meson_drm]\n[  +0.000027]  try_to_bring_up_aggregate_device+0x19c/0x390\n[  +0.000010]  component_master_add_with_match+0x1c8/0x284\n[  +0.000009]  meson_drv_probe+0x274/0x280 [meson_drm]\n[  +0.000026]  platform_probe+0xd0/0x220\n[  +0.000009]  really_probe+0x3ac/0xa80\n[  +0.000009]  __driver_probe_device+0x1f8/0x400\n[  +0.000009]  driver_probe_device+0x68/0x1b0\n[  +0.000009]  __driver_attach+0x20c/0x480\n[  +0.000008]  bus_for_each_dev+0x114/0x1b0\n[  +0.000009]  driver_attach+0x48/0x64\n[  +0.000008]  bus_add_driver+0x390/0x564\n[  +0.000009]  driver_register+0x1a8/0x3e4\n[  +0.000009]  __platform_driver_register+0x6c/0x94\n[  +0.000008]  meson_drm_platform_driver_init+0x3c/0x1000 [meson_drm]\n[  +0.000027]  do_one_initcall+0xc4/0x2b0\n[  +0.000011]  do_init_module+0x154/0x570\n[  +0.000011]  load_module+0x1a78/0x1ea4\n[  +0.000008]  __do_sys_init_module+0x184/0x1cc\n[  +0.000009]  __arm64_sys_init_module+0x78/0xb0\n[  +0.000009]  invoke_syscall+0x74/0x260\n[  +0.000009]  el0_svc_common.constprop.0+0xcc/0x260\n[  +0.000008]  do_el0_svc+0x50/0x70\n[  +0.000007]  el0_svc+0x68/0x1a0\n[  +0.000012]  el0t_64_sync_handler+0x11c/0x150\n[  +0.000008]  el0t_64_sync+0x18c/0x190\n\n[  +0.000016] Allocated by task 879:\n[  +0.000008]  kasan_save_stack+0x2c/0x5c\n[  +0.000011]  __kasan_kmalloc+0x90/0xd0\n[  +0.000007]  __kmalloc+0x278/0x4a0\n[  +0.000011]  mpi_resize+0x13c/0x1d0\n[  +0.000011]  mpi_powm+0xd24/0x1570\n[  +0.000009]  rsa_enc+0x1a4/0x30c\n[  +0.000009]  pkcs1pad_verify+0x3f0/0x580\n[  +0.000009]  public_key_verify_signature+0x7a8/0xba4\n[  +0.000010]  public_key_verify_signature_2+0x40/0x60\n[  +0.000008]  verify_signature+0xb4/0x114\n[  +0.000008]  pkcs7_validate_trust_one.constprop.0+0x3b8/0x574\n[  +0.000009]  pkcs7_validate_trust+0xb8/0x15c\n[  +0.000008]  verify_pkcs7_message_sig+0xec/0x1b0\n[  +0.000012]  verify_pkcs7_signature+0x78/0xac\n[  +0.000007]  mod_verify_sig+0x110/0x190\n[  +0.000009]  module_sig_check+0x114/0x1e0\n[  +0.000009]  load_module+0xa0/0x1ea4\n[  +0.000008]  __do_sys_init_module+0x184/0x1cc\n[  +0.000008]  __arm64_sys_init_module+0x78/0xb0\n[  +0.000008]  invoke_syscall+0x74/0x260\n[  +0.000009]  el0_svc_common.constprop.0+0x1a8/0x260\n[  +0.000008]  do_el0_svc+0x50/0x70\n[  +0.000007]  el0_svc+0x68/0x1a0\n[  +0.000009]  el0t_64_sync_handler+0x11c/0x150\n[  +0.000009]  el0t_64\n---truncated---","modified":"2026-04-21T04:36:27.653263Z","published":"2025-09-15T14:15:36Z","upstream":["CVE-2022-50256"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50256"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"5.15.200.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70765.json"}}],"schema_version":"1.7.5"}