{
  "threat_severity" : "Low",
  "public_date" : "2025-12-30T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: drm/bridge: it6505: Initialize AUX channel in it6505_i2c_probe",
    "id" : "2426170",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2426170"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.7",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-824",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ndrm/bridge: it6505: Initialize AUX channel in it6505_i2c_probe\nDuring device boot, the HPD interrupt could be triggered before the DRM\nsubsystem registers it6505 as a DRM bridge. In such cases, the driver\ntries to access AUX channel and causes NULL pointer dereference.\nInitializing the AUX channel earlier to prevent such error.", "A NULL pointer dereference was found in the IT6505 DisplayPort bridge driver. If an HPD interrupt fires before the DRM bridge registration completes, the driver attempts to access an uninitialized AUX channel, causing a kernel crash." ],
  "statement" : "This affects systems using IT6505 DisplayPort bridges with specific timing conditions during boot. The race window is narrow and requires the display hotplug signal to arrive at a precise moment during driver initialization.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-11-14T00:00:00Z",
    "advisory" : "RHSA-2023:7077",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-513.5.1.el8_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50847\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50847\nhttps://lore.kernel.org/linux-cve-announce/2025123021-CVE-2022-50847-6766@gregkh/T" ],
  "name" : "CVE-2022-50847",
  "csaw" : false
}