{ "threat_severity" : "Low", "public_date" : "2025-10-04T00:00:00Z", "bugzilla" : { "description" : "kernel: drm/mipi-dsi: Detach devices when removing the host", "id" : "2401549", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2401549" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-459", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ndrm/mipi-dsi: Detach devices when removing the host\nWhenever the MIPI-DSI host is unregistered, the code of\nmipi_dsi_host_unregister() loops over every device currently found on that\nbus and will unregister it.\nHowever, it doesn't detach it from the bus first, which leads to all kind\nof resource leaks if the host wants to perform some clean up whenever a\ndevice is detached.", "A resource leak flaw was found in the Linux kernel's MIPI-DSI host driver in the device removal logic. A local user can trigger this issue by unregistering a MIPI-DSI host, causing the cleanup code to unregister all attached devices without first detaching them. This prevents the host from performing proper cleanup operations, resulting in resource leaks including memory, references, and hardware state, leading to denial of service through resource exhaustion." ], "statement" : "The mipi_dsi_host_unregister function iterates through all MIPI-DSI devices attached to the host and calls device_unregister on each. However, it skips the detachment step that would normally invoke the host's detach callback, allowing the host driver to release resources associated with that device. This means allocated memory, DMA mappings, clock references, power domain associations, and other resources remain allocated even after the device is unregistered. Since the host is being removed, these resources cannot be cleaned up later and represent permanent leaks until system reboot.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-11-14T00:00:00Z", "advisory" : "RHSA-2023:7077", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-513.5.1.el8_9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50489\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50489\nhttps://lore.kernel.org/linux-cve-announce/2025100417-CVE-2022-50489-9d88@gregkh/T" ], "name" : "CVE-2022-50489", "csaw" : false }