{
  "threat_severity" : "Moderate",
  "public_date" : "2025-06-18T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: drm/ttm: Fix dummy res NULL ptr deref bug",
    "id" : "2373573",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2373573"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-476",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ndrm/ttm: Fix dummy res NULL ptr deref bug\nCheck the bo->resource value before accessing the resource\nmem_type.\nv2: Fix commit description unwrapped warning\n<log snip>\n[   40.191227][  T184] general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN PTI\n[   40.192995][  T184] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n[   40.194411][  T184] CPU: 1 PID: 184 Comm: systemd-udevd Not tainted 5.19.0-rc4-00721-gb297c22b7070 #1\n[   40.196063][  T184] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014\n[   40.199605][  T184] RIP: 0010:ttm_bo_validate+0x1b3/0x240 [ttm]\n[   40.200754][  T184] Code: e8 72 c5 ff ff 83 f8 b8 74 d4 85 c0 75 54 49 8b 9e 58 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 10 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 04 3c 03 7e 44 8b 53 10 31 c0 85 d2 0f 85 58\n[   40.203685][  T184] RSP: 0018:ffffc900006df0c8 EFLAGS: 00010202\n[   40.204630][  T184] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffff1102f4bb71b\n[   40.205864][  T184] RDX: 0000000000000002 RSI: ffffc900006df208 RDI: 0000000000000010\n[   40.207102][  T184] RBP: 1ffff920000dbe1a R08: ffffc900006df208 R09: 0000000000000000\n[   40.208394][  T184] R10: ffff88817a5f0000 R11: 0000000000000001 R12: ffffc900006df110\n[   40.209692][  T184] R13: ffffc900006df0f0 R14: ffff88817a5db800 R15: ffffc900006df208\n[   40.210862][  T184] FS:  00007f6b1d16e8c0(0000) GS:ffff88839d700000(0000) knlGS:0000000000000000\n[   40.212250][  T184] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   40.213275][  T184] CR2: 000055a1001d4ff0 CR3: 00000001700f4000 CR4: 00000000000006e0\n[   40.214469][  T184] Call Trace:\n[   40.214974][  T184]  <TASK>\n[   40.215438][  T184]  ? ttm_bo_bounce_temp_buffer+0x140/0x140 [ttm]\n[   40.216572][  T184]  ? mutex_spin_on_owner+0x240/0x240\n[   40.217456][  T184]  ? drm_vma_offset_add+0xaa/0x100 [drm]\n[   40.218457][  T184]  ttm_bo_init_reserved+0x3d6/0x540 [ttm]\n[   40.219410][  T184]  ? shmem_get_inode+0x744/0x980\n[   40.220231][  T184]  ttm_bo_init_validate+0xb1/0x200 [ttm]\n[   40.221172][  T184]  ? bo_driver_evict_flags+0x340/0x340 [drm_vram_helper]\n[   40.222530][  T184]  ? ttm_bo_init_reserved+0x540/0x540 [ttm]\n[   40.223643][  T184]  ? __do_sys_finit_module+0x11a/0x1c0\n[   40.224654][  T184]  ? __shmem_file_setup+0x102/0x280\n[   40.234764][  T184]  drm_gem_vram_create+0x305/0x480 [drm_vram_helper]\n[   40.235766][  T184]  ? bo_driver_evict_flags+0x340/0x340 [drm_vram_helper]\n[   40.236846][  T184]  ? __kasan_slab_free+0x108/0x180\n[   40.237650][  T184]  drm_gem_vram_fill_create_dumb+0x134/0x340 [drm_vram_helper]\n[   40.238864][  T184]  ? local_pci_probe+0xdf/0x180\n[   40.239674][  T184]  ? drmm_vram_helper_init+0x400/0x400 [drm_vram_helper]\n[   40.240826][  T184]  drm_client_framebuffer_create+0x19c/0x400 [drm]\n[   40.241955][  T184]  ? drm_client_buffer_delete+0x200/0x200 [drm]\n[   40.243001][  T184]  ? drm_client_pick_crtcs+0x554/0xb80 [drm]\n[   40.244030][  T184]  drm_fb_helper_generic_probe+0x23f/0x940 [drm_kms_helper]\n[   40.245226][  T184]  ? __cond_resched+0x1c/0xc0\n[   40.245987][  T184]  ? drm_fb_helper_memory_range_to_clip+0x180/0x180 [drm_kms_helper]\n[   40.247316][  T184]  ? mutex_unlock+0x80/0x100\n[   40.248005][  T184]  ? __mutex_unlock_slowpath+0x2c0/0x2c0\n[   40.249083][  T184]  drm_fb_helper_single_fb_probe+0x907/0xf00 [drm_kms_helper]\n[   40.250314][  T184]  ? drm_fb_helper_check_var+0x1180/0x1180 [drm_kms_helper]\n[   40.251540][  T184]  ? __cond_resched+0x1c/0xc0\n[   40.252321][  T184]  ? mutex_lock+0x9f/0x100\n[   40.253062][  T184]  __drm_fb_helper_initial_config_and_unlock+0xb9/0x2c0 [drm_kms_helper]\n[   40.254394][  T184]  drm_fbdev_client_hotplug+0x56f/0x840 [drm_kms_helper]\n[   40.255477][  T184]  drm_fbdev_generic_setup+0x165/0x3c0 [drm_kms_helper]\n[   40.256607][  T184]  bochs_pci_probe+0x6b7/0x900 [bochs]\n[   \n---truncated---", "A flaw was found in the ttm module in the Linux kernel. A NULL pointer dereference can be triggered due to an improper check, resulting in a denial of service." ],
  "statement" : "This issue has been fixed in Red Hat Enterprise Linux 8.8 and 9.2 via RHSA-2023:2951 [1] and RHSA-2023:2458 [2], respectively.\n[1]. https://access.redhat.com/errata/RHSA-2023:2951\n[2]. https://access.redhat.com/errata/RHSA-2023:2458",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-05-16T00:00:00Z",
    "advisory" : "RHSA-2023:2951",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-477.10.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50068\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50068\nhttps://lore.kernel.org/linux-cve-announce/2025061852-CVE-2022-50068-25c3@gregkh/T" ],
  "name" : "CVE-2022-50068",
  "csaw" : false
}