PT-2025-8465 · Linux+2 · Linux Kernel+2

Published: 2022-03-25 · Updated: 2025-04-16 · CVE-2022-49532

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to the fixed version

Description

A NULL pointer dereference vulnerability has been found in the Linux kernel, specifically in the virtio_gpu_conn_get_modes function. This issue occurs because drm_cvt_mode may return NULL, and the code does not check for this condition. The vulnerability was discovered using the syzkaller tool. Technical details about the issue include a null-ptr-deref in virtio_gpu_conn_get_modes+0xb4/0x140 due to a read of size 4 at addr 0000000000000054.

Recommendations

As a temporary workaround, consider disabling the virtio_gpu module until a patch is available. Restrict access to the drm_ioctl and drm_mode_getconnector functions to minimize the risk of exploitation. Avoid using the virtio_gpu_conn_get_modes function until the issue is resolved. Update to a newer version of the Linux kernel that includes the fix for this issue.

Exploit

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2026-02620
CVE-2022-49532
OESA-2025-1317
OPENSUSE-SU-2025_1263-1
SUSE-SU-2025:1027-1
SUSE-SU-2025:1176-1
SUSE-SU-2025:1183-1
SUSE-SU-2025:1194-1
SUSE-SU-2025:1241-1
SUSE-SU-2025:1263-1
SUSE-SU-2025:1293-1
SUSE-SU-2025_1027-1
SUSE-SU-2025_1241-1
SUSE-SU-2025_1263-1
SUSE-SU-2025_1293-1

Affected Products

Astra Linux
Linux Kernel
Suse