Home

Description

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Fix kvzalloc vs state_kcalloc usage adreno_show_object() is a trap! It will re-allocate the pointer it is passed on first call, when the data is ascii85 encoded, using kvmalloc/ kvfree(). Which means the data *passed* to it must be kvmalloc'd, ie. we cannot use the state_kcalloc() helper. This partially reverts commit ec8f1813bf8d ("drm/msm/a6xx: Replace kcalloc() with kvzalloc()"), but adds the missing kvfree() to fix the memory leak that was present previously. And adds a warning comment. Patchwork: https://patchwork.freedesktop.org/patch/507014/

PUBLISHED Reserved 2025-12-30 | Published 2025-12-30 | Updated 2025-12-30 | Assigner Linux

Product status

Default status
unaffected

b859f9b009bbfbc236d9b076c64c59ccb41b8737 (git) before 4b1bbc0571a5d7ee10f754186dc3d619b9ced5c1
affected

b859f9b009bbfbc236d9b076c64c59ccb41b8737 (git) before 83d18e9d9c0150d98dc24e3642ea93f5e245322c
affected

Default status
affected

5.17
affected

Any version before 5.17
unaffected

6.0.7 (semver)
unaffected

6.1 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/4b1bbc0571a5d7ee10f754186dc3d619b9ced5c1

git.kernel.org/...c/83d18e9d9c0150d98dc24e3642ea93f5e245322c

cve.org (CVE-2022-50867)

nvd.nist.gov (CVE-2022-50867)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.