{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-50360", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-09-17T14:53:06.994Z", "datePublished": "2025-09-17T14:56:12.260Z", "dateUpdated": "2025-09-17T14:56:12.260Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-09-17T14:56:12.260Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dp: fix aux-bus EP lifetime\n\nDevice-managed resources allocated post component bind must be tied to\nthe lifetime of the aggregate DRM device or they will not necessarily be\nreleased when binding of the aggregate device is deferred.\n\nThis can lead resource leaks or failure to bind the aggregate device\nwhen binding is later retried and a second attempt to allocate the\nresources is made.\n\nFor the DP aux-bus, an attempt to populate the bus a second time will\nsimply fail (\"DP AUX EP device already populated\").\n\nFix this by tying the lifetime of the EP device to the DRM device rather\nthan DP controller platform device.\n\nPatchwork: https://patchwork.freedesktop.org/patch/502672/"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/msm/dp/dp_display.c"], "versions": [{"version": "c3bf8e21b38a89418f2e22173b229aaad2306815", "lessThan": "8768663188e4169333f66583e4d2432e65c421df", "status": "affected", "versionType": "git"}, {"version": "c3bf8e21b38a89418f2e22173b229aaad2306815", "lessThan": "2b57f726611e294dc4297dd48eb8c98ef1938e82", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/msm/dp/dp_display.c"], "versions": [{"version": "5.19", "status": "affected"}, {"version": "0", "lessThan": "5.19", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.7", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.0.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/8768663188e4169333f66583e4d2432e65c421df"}, {"url": "https://git.kernel.org/stable/c/2b57f726611e294dc4297dd48eb8c98ef1938e82"}], "title": "drm/msm/dp: fix aux-bus EP lifetime", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9694D0E-0FD9-4B71-BD7E-6A6EC3BE4954", "versionEndExcluding": "6.0.7", "versionStartIncluding": "5.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "E7E331DA-1FB0-4DEC-91AC-7DA69D461C11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "17F0B248-42CF-4AE6-A469-BB1BAE7F4705", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dp: fix aux-bus EP lifetime\n\nDevice-managed resources allocated post component bind must be tied to\nthe lifetime of the aggregate DRM device or they will not necessarily be\nreleased when binding of the aggregate device is deferred.\n\nThis can lead resource leaks or failure to bind the aggregate device\nwhen binding is later retried and a second attempt to allocate the\nresources is made.\n\nFor the DP aux-bus, an attempt to populate the bus a second time will\nsimply fail (\"DP AUX EP device already populated\").\n\nFix this by tying the lifetime of the EP device to the DRM device rather\nthan DP controller platform device.\n\nPatchwork: https://patchwork.freedesktop.org/patch/502672/"}], "id": "CVE-2022-50360", "lastModified": "2025-12-10T17:58:34.443", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-09-17T15:15:34.753", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2b57f726611e294dc4297dd48eb8c98ef1938e82"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8768663188e4169333f66583e4d2432e65c421df"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: drm/msm/dp: fix aux-bus EP lifetime", "id": "2396125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396125"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2022-50360", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-09-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-50360\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50360\nhttps://lore.kernel.org/linux-cve-announce/2025091715-CVE-2022-50360-00c7@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-09-18T12:41:31.837088+00:00", "updated": "2025-09-18T12:41:31.837196+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}