{"id":"CVE-2022-49827","summary":"drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()\n\ndrm_vblank_init() call drmm_add_action_or_reset() with\ndrm_vblank_init_release() as action. If __drmm_add_action() failed, will\ndirectly call drm_vblank_init_release() with the vblank whose worker is\nNULL. As the resule, a null-ptr-deref will happen in\nkthread_destroy_worker(). Add the NULL check before calling\ndrm_vblank_destroy_worker().\n\nBUG: null-ptr-deref\nKASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]\nCPU: 5 PID: 961 Comm: modprobe Not tainted 6.0.0-11331-gd465bff130bf-dirty\nRIP: 0010:kthread_destroy_worker+0x25/0xb0\n  Call Trace:\n    \u003cTASK\u003e\n    drm_vblank_init_release+0x124/0x220 [drm]\n    ? drm_crtc_vblank_restore+0x8b0/0x8b0 [drm]\n    __drmm_add_action_or_reset+0x41/0x50 [drm]\n    drm_vblank_init+0x282/0x310 [drm]\n    vkms_init+0x35f/0x1000 [vkms]\n    ? 0xffffffffc4508000\n    ? lock_is_held_type+0xd7/0x130\n    ? __kmem_cache_alloc_node+0x1c2/0x2b0\n    ? lock_is_held_type+0xd7/0x130\n    ? 0xffffffffc4508000\n    do_one_initcall+0xd0/0x4f0\n    ...\n    do_syscall_64+0x35/0x80\n    entry_SYSCALL_64_after_hwframe+0x46/0xb0","modified":"2026-04-03T13:14:47.385350Z","published":"2025-05-01T14:09:46.805Z","related":["SUSE-SU-2025:01918-1","SUSE-SU-2025:01966-1","SUSE-SU-2025:01982-1","SUSE-SU-2025:01995-1","SUSE-SU-2025:02173-1","SUSE-SU-2025:02262-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49827.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1d160dfb3fdf11ba9447e862c548447f91f4e74a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3acd2016421b2e628acad65495d15493bf7a3bc3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4979524f5a2a8210e87fde2f642b0dc060860821"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e884a6c2d49a6c12761e5bed851e9fe93bd923a1"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49827.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49827"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"5e6c2b4f916157e8f10d093d43e88b2a250d1774"},{"fixed":"1d160dfb3fdf11ba9447e862c548447f91f4e74a"},{"fixed":"e884a6c2d49a6c12761e5bed851e9fe93bd923a1"},{"fixed":"3acd2016421b2e628acad65495d15493bf7a3bc3"},{"fixed":"4979524f5a2a8210e87fde2f642b0dc060860821"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49827.json"}}],"schema_version":"1.7.5"}