CVE-2022-50287 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved:

drm/i915/bios: fix a memory leak in generate_lfp_data_ptrs

When (size != 0 || ptrs->lvds_ entries != 3), the program tries to
free() the ptrs. However, the ptrs is not created by calling kzmalloc(),
but is obtained by pointer offset operation.
This may lead to memory leaks or undefined behavior.

Fix this by replacing the arguments of kfree() with ptrs_block.

(cherry picked from commit 7674cd0b7d28b952151c3df26bbfa7e07eb2b4ec)

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/1382901f75a5a7dc8eac05059fd0c7816def4eae
https://git.kernel.org/stable/c/4758d04014cfe6cdb6e9b4738d1d6728487bbb3a
https://git.kernel.org/stable/c/7c852e8f93f04e57c1e3883caa72542469c6c4c4

History

Mon, 15 Sep 2025 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/i915/bios: fix a memory leak in generate_lfp_data_ptrs When (size != 0 \|\| ptrs->lvds_ entries != 3), the program tries to free() the ptrs. However, the ptrs is not created by calling kzmalloc(), but is obtained by pointer offset operation. This may lead to memory leaks or undefined behavior. Fix this by replacing the arguments of kfree() with ptrs_block. (cherry picked from commit 7674cd0b7d28b952151c3df26bbfa7e07eb2b4ec)
Title		drm/i915/bios: fix a memory leak in generate_lfp_data_ptrs
References		https://git.kernel.org/stable/c/1382901f75a5a7dc8eac05059fd0c7816def4eae https://git.kernel.org/stable/c/4758d04014cfe6cdb6e9b4738d1d6728487bbb3a https://git.kernel.org/stable/c/7c852e8f93f04e57c1e3883caa72542469c6c4c4

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-09-15T14:21:23.403Z

Updated: 2025-09-15T14:21:23.403Z

Reserved: 2025-09-15T13:58:00.977Z

Link: CVE-2022-50287

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-09-15T15:15:39.907

Modified: 2025-09-15T15:22:27.090

Link: CVE-2022-50287

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-50287", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-09-15T13:58:00.977Z", "datePublished": "2025-09-15T14:21:23.403Z", "dateUpdated": "2025-09-15T14:21:23.403Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-09-15T14:21:23.403Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/bios: fix a memory leak in generate_lfp_data_ptrs\n\nWhen (size != 0 || ptrs->lvds_ entries != 3), the program tries to\nfree() the ptrs. However, the ptrs is not created by calling kzmalloc(),\nbut is obtained by pointer offset operation.\nThis may lead to memory leaks or undefined behavior.\n\nFix this by replacing the arguments of kfree() with ptrs_block.\n\n(cherry picked from commit 7674cd0b7d28b952151c3df26bbfa7e07eb2b4ec)"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/i915/display/intel_bios.c"], "versions": [{"version": "a87d0a84760726445dcc0f0177623f0d683f3559", "lessThan": "4758d04014cfe6cdb6e9b4738d1d6728487bbb3a", "status": "affected", "versionType": "git"}, {"version": "a87d0a84760726445dcc0f0177623f0d683f3559", "lessThan": "7c852e8f93f04e57c1e3883caa72542469c6c4c4", "status": "affected", "versionType": "git"}, {"version": "a87d0a84760726445dcc0f0177623f0d683f3559", "lessThan": "1382901f75a5a7dc8eac05059fd0c7816def4eae", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/i915/display/intel_bios.c"], "versions": [{"version": "5.19", "status": "affected"}, {"version": "0", "lessThan": "5.19", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.16", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.2", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.0.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.1.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/4758d04014cfe6cdb6e9b4738d1d6728487bbb3a"}, {"url": "https://git.kernel.org/stable/c/7c852e8f93f04e57c1e3883caa72542469c6c4c4"}, {"url": "https://git.kernel.org/stable/c/1382901f75a5a7dc8eac05059fd0c7816def4eae"}], "title": "drm/i915/bios: fix a memory leak in generate_lfp_data_ptrs", "x_generator": {"engine": "bippy-1.2.0"}}}}