{
  "threat_severity" : "Low",
  "public_date" : "2025-02-26T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED",
    "id" : "2347676",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2347676"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-394",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nmedia: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED\nIf the callback 'start_streaming' fails, then all\nqueued buffers in the driver should be returned with\nstate 'VB2_BUF_STATE_QUEUED'. Currently, they are\nreturned with 'VB2_BUF_STATE_ERROR' which is wrong.\nFix this. This also fixes the warning:\n[   65.583633] WARNING: CPU: 5 PID: 593 at drivers/media/common/videobuf2/videobuf2-core.c:1612 vb2_start_streaming+0xd4/0x160 [videobuf2_common]\n[   65.585027] Modules linked in: snd_usb_audio snd_hwdep snd_usbmidi_lib snd_rawmidi snd_soc_hdmi_codec dw_hdmi_i2s_audio saa7115 stk1160 videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_common videodev mc crct10dif_ce panfrost snd_soc_simple_card snd_soc_audio_graph_card snd_soc_spdif_tx snd_soc_simple_card_utils gpu_sched phy_rockchip_pcie snd_soc_rockchip_i2s rockchipdrm analogix_dp dw_mipi_dsi dw_hdmi cec drm_kms_helper drm rtc_rk808 rockchip_saradc industrialio_triggered_buffer kfifo_buf rockchip_thermal pcie_rockchip_host ip_tables x_tables ipv6\n[   65.589383] CPU: 5 PID: 593 Comm: v4l2src0:src Tainted: G        W         5.16.0-rc4-62408-g32447129cb30-dirty #14\n[   65.590293] Hardware name: Radxa ROCK Pi 4B (DT)\n[   65.590696] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   65.591304] pc : vb2_start_streaming+0xd4/0x160 [videobuf2_common]\n[   65.591850] lr : vb2_start_streaming+0x6c/0x160 [videobuf2_common]\n[   65.592395] sp : ffff800012bc3ad0\n[   65.592685] x29: ffff800012bc3ad0 x28: 0000000000000000 x27: ffff800012bc3cd8\n[   65.593312] x26: 0000000000000000 x25: ffff00000d8a7800 x24: 0000000040045612\n[   65.593938] x23: ffff800011323000 x22: ffff800012bc3cd8 x21: ffff00000908a8b0\n[   65.594562] x20: ffff00000908a8c8 x19: 00000000fffffff4 x18: ffffffffffffffff\n[   65.595188] x17: 000000040044ffff x16: 00400034b5503510 x15: ffff800011323f78\n[   65.595813] x14: ffff000013163886 x13: ffff000013163885 x12: 00000000000002ce\n[   65.596439] x11: 0000000000000028 x10: 0000000000000001 x9 : 0000000000000228\n[   65.597064] x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff726c5e78\n[   65.597690] x5 : ffff800012bc3990 x4 : 0000000000000000 x3 : ffff000009a34880\n[   65.598315] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000007cd99f0\n[   65.598940] Call trace:\n[   65.599155]  vb2_start_streaming+0xd4/0x160 [videobuf2_common]\n[   65.599672]  vb2_core_streamon+0x17c/0x1a8 [videobuf2_common]\n[   65.600179]  vb2_streamon+0x54/0x88 [videobuf2_v4l2]\n[   65.600619]  vb2_ioctl_streamon+0x54/0x60 [videobuf2_v4l2]\n[   65.601103]  v4l_streamon+0x3c/0x50 [videodev]\n[   65.601521]  __video_do_ioctl+0x1a4/0x428 [videodev]\n[   65.601977]  video_usercopy+0x320/0x828 [videodev]\n[   65.602419]  video_ioctl2+0x3c/0x58 [videodev]\n[   65.602830]  v4l2_ioctl+0x60/0x90 [videodev]\n[   65.603227]  __arm64_sys_ioctl+0xa8/0xe0\n[   65.603576]  invoke_syscall+0x54/0x118\n[   65.603911]  el0_svc_common.constprop.3+0x84/0x100\n[   65.604332]  do_el0_svc+0x34/0xa0\n[   65.604625]  el0_svc+0x1c/0x50\n[   65.604897]  el0t_64_sync_handler+0x88/0xb0\n[   65.605264]  el0t_64_sync+0x16c/0x170\n[   65.605587] ---[ end trace 578e0ba07742170d ]---" ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-11-15T00:00:00Z",
    "advisory" : "RHSA-2022:8267",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-162.6.1.el9_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-11-15T00:00:00Z",
    "advisory" : "RHSA-2022:8267",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-162.6.1.el9_1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-49247\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49247\nhttps://lore.kernel.org/linux-cve-announce/2025022626-CVE-2022-49247-66c2@gregkh/T" ],
  "name" : "CVE-2022-49247",
  "csaw" : false
}