{
  "threat_severity" : "Low",
  "public_date" : "2025-02-26T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: fbdev: Fix unregistering of framebuffers without device",
    "id" : "2347832",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2347832"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-476",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nfbdev: Fix unregistering of framebuffers without device\nOF framebuffers do not have an underlying device in the Linux\ndevice hierarchy. Do a regular unregister call instead of hot\nunplugging such a non-existing device. Fixes a NULL dereference.\nAn example error message on ppc64le is shown below.\nBUG: Kernel NULL pointer dereference on read at 0x00000060\nFaulting instruction address: 0xc00000000080dfa4\nOops: Kernel access of bad area, sig: 11 [#1]\nLE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries\n[...]\nCPU: 2 PID: 139 Comm: systemd-udevd Not tainted 5.17.0-ae085d7f9365 #1\nNIP:  c00000000080dfa4 LR: c00000000080df9c CTR: c000000000797430\nREGS: c000000004132fe0 TRAP: 0300   Not tainted  (5.17.0-ae085d7f9365)\nMSR:  8000000002009033 <SF,VEC,EE,ME,IR,DR,RI,LE>  CR: 28228282  XER: 20000000\nCFAR: c00000000000c80c DAR: 0000000000000060 DSISR: 40000000 IRQMASK: 0\nGPR00: c00000000080df9c c000000004133280 c00000000169d200 0000000000000029\nGPR04: 00000000ffffefff c000000004132f90 c000000004132f88 0000000000000000\nGPR08: c0000000015658f8 c0000000015cd200 c0000000014f57d0 0000000048228283\nGPR12: 0000000000000000 c00000003fffe300 0000000020000000 0000000000000000\nGPR16: 0000000000000000 0000000113fc4a40 0000000000000005 0000000113fcfb80\nGPR20: 000001000f7283b0 0000000000000000 c000000000e4a588 c000000000e4a5b0\nGPR24: 0000000000000001 00000000000a0000 c008000000db0168 c0000000021f6ec0\nGPR28: c0000000016d65a8 c000000004b36460 0000000000000000 c0000000016d64b0\nNIP [c00000000080dfa4] do_remove_conflicting_framebuffers+0x184/0x1d0\n[c000000004133280] [c00000000080df9c] do_remove_conflicting_framebuffers+0x17c/0x1d0 (unreliable)\n[c000000004133350] [c00000000080e4d0] remove_conflicting_framebuffers+0x60/0x150\n[c0000000041333a0] [c00000000080e6f4] remove_conflicting_pci_framebuffers+0x134/0x1b0\n[c000000004133450] [c008000000e70438] drm_aperture_remove_conflicting_pci_framebuffers+0x90/0x100 [drm]\n[c000000004133490] [c008000000da0ce4] bochs_pci_probe+0x6c/0xa64 [bochs]\n[...]\n[c000000004133db0] [c00000000002aaa0] system_call_exception+0x170/0x2d0\n[c000000004133e10] [c00000000000c3cc] system_call_common+0xec/0x250\nThe bug [1] was introduced by commit 27599aacbaef (\"fbdev: Hot-unplug\nfirmware fb devices on forced removal\"). Most firmware framebuffers\nhave an underlying platform device, which can be hot-unplugged\nbefore loading the native graphics driver. OF framebuffers do not\n(yet) have that device. Fix the code by unregistering the framebuffer\nas before without a hot unplug.\nTested with 5.17 on qemu ppc64le emulation." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-49070\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49070\nhttps://lore.kernel.org/linux-cve-announce/2025022655-CVE-2022-49070-6511@gregkh/T" ],
  "name" : "CVE-2022-49070",
  "csaw" : false
}