{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-48634","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-25T13:44:28.315Z","datePublished":"2024-04-28T12:59:19.749Z","dateUpdated":"2025-06-19T12:56:12.356Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-06-19T12:56:12.356Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: Fix BUG: sleeping function called from invalid context errors\n\ngma_crtc_page_flip() was holding the event_lock spinlock while calling\ncrtc_funcs->mode_set_base() which takes ww_mutex.\n\nThe only reason to hold event_lock is to clear gma_crtc->page_flip_event\non mode_set_base() errors.\n\nInstead unlock it after setting gma_crtc->page_flip_event and on\nerrors re-take the lock and clear gma_crtc->page_flip_event it\nit is still set.\n\nThis fixes the following WARN/stacktrace:\n\n[  512.122953] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:870\n[  512.123004] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 1253, name: gnome-shell\n[  512.123031] preempt_count: 1, expected: 0\n[  512.123048] RCU nest depth: 0, expected: 0\n[  512.123066] INFO: lockdep is turned off.\n[  512.123080] irq event stamp: 0\n[  512.123094] hardirqs last  enabled at (0): [<0000000000000000>] 0x0\n[  512.123134] hardirqs last disabled at (0): [<ffffffff8d0ec28c>] copy_process+0x9fc/0x1de0\n[  512.123176] softirqs last  enabled at (0): [<ffffffff8d0ec28c>] copy_process+0x9fc/0x1de0\n[  512.123207] softirqs last disabled at (0): [<0000000000000000>] 0x0\n[  512.123233] Preemption disabled at:\n[  512.123241] [<0000000000000000>] 0x0\n[  512.123275] CPU: 3 PID: 1253 Comm: gnome-shell Tainted: G        W         5.19.0+ #1\n[  512.123304] Hardware name: Packard Bell dot s/SJE01_CT, BIOS V1.10 07/23/2013\n[  512.123323] Call Trace:\n[  512.123346]  <TASK>\n[  512.123370]  dump_stack_lvl+0x5b/0x77\n[  512.123412]  __might_resched.cold+0xff/0x13a\n[  512.123458]  ww_mutex_lock+0x1e/0xa0\n[  512.123495]  psb_gem_pin+0x2c/0x150 [gma500_gfx]\n[  512.123601]  gma_pipe_set_base+0x76/0x240 [gma500_gfx]\n[  512.123708]  gma_crtc_page_flip+0x95/0x130 [gma500_gfx]\n[  512.123808]  drm_mode_page_flip_ioctl+0x57d/0x5d0\n[  512.123897]  ? drm_mode_cursor2_ioctl+0x10/0x10\n[  512.123936]  drm_ioctl_kernel+0xa1/0x150\n[  512.123984]  drm_ioctl+0x21f/0x420\n[  512.124025]  ? drm_mode_cursor2_ioctl+0x10/0x10\n[  512.124070]  ? rcu_read_lock_bh_held+0xb/0x60\n[  512.124104]  ? lock_release+0x1ef/0x2d0\n[  512.124161]  __x64_sys_ioctl+0x8d/0xd0\n[  512.124203]  do_syscall_64+0x58/0x80\n[  512.124239]  ? do_syscall_64+0x67/0x80\n[  512.124267]  ? trace_hardirqs_on_prepare+0x55/0xe0\n[  512.124300]  ? do_syscall_64+0x67/0x80\n[  512.124340]  ? rcu_read_lock_sched_held+0x10/0x80\n[  512.124377]  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[  512.124411] RIP: 0033:0x7fcc4a70740f\n[  512.124442] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00 00\n[  512.124470] RSP: 002b:00007ffda73f5390 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n[  512.124503] RAX: ffffffffffffffda RBX: 000055cc9e474500 RCX: 00007fcc4a70740f\n[  512.124524] RDX: 00007ffda73f5420 RSI: 00000000c01864b0 RDI: 0000000000000009\n[  512.124544] RBP: 00007ffda73f5420 R08: 000055cc9c0b0cb0 R09: 0000000000000034\n[  512.124564] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000c01864b0\n[  512.124584] R13: 0000000000000009 R14: 000055cc9df484d0 R15: 000055cc9af5d0c0\n[  512.124647]  </TASK>"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/gma500/gma_display.c"],"versions":[{"version":"f76c22ce8fbbd03394eb9e2cd8c490d9ad2a116c","lessThan":"c5812807e416618477d1bb0049727ce8bb8292fd","status":"affected","versionType":"git"},{"version":"f76c22ce8fbbd03394eb9e2cd8c490d9ad2a116c","lessThan":"e5ae504c8623476e13032670f1a6d6344d53ec9b","status":"affected","versionType":"git"},{"version":"f76c22ce8fbbd03394eb9e2cd8c490d9ad2a116c","lessThan":"a6ed7624bf4d0a32f2631e74828bca7b7bf15afd","status":"affected","versionType":"git"},{"version":"f76c22ce8fbbd03394eb9e2cd8c490d9ad2a116c","lessThan":"63e37a79f7bd939314997e29c2f5a9f0ef184281","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/gma500/gma_display.c"],"versions":[{"version":"5.6","status":"affected"},{"version":"0","lessThan":"5.6","status":"unaffected","versionType":"semver"},{"version":"5.10.146","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.71","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.19.12","lessThanOrEqual":"5.19.*","status":"unaffected","versionType":"semver"},{"version":"6.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"5.10.146"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"5.15.71"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"5.19.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/c5812807e416618477d1bb0049727ce8bb8292fd"},{"url":"https://git.kernel.org/stable/c/e5ae504c8623476e13032670f1a6d6344d53ec9b"},{"url":"https://git.kernel.org/stable/c/a6ed7624bf4d0a32f2631e74828bca7b7bf15afd"},{"url":"https://git.kernel.org/stable/c/63e37a79f7bd939314997e29c2f5a9f0ef184281"}],"title":"drm/gma500: Fix BUG: sleeping function called from invalid context errors","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-noinfo Not enough information"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.3,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","integrityImpact":"LOW","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"LOW","privilegesRequired":"LOW","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-07-16T20:42:08.256561Z","id":"CVE-2022-48634","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-30T15:32:26.128Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T15:17:55.501Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/c5812807e416618477d1bb0049727ce8bb8292fd","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/e5ae504c8623476e13032670f1a6d6344d53ec9b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/a6ed7624bf4d0a32f2631e74828bca7b7bf15afd","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/63e37a79f7bd939314997e29c2f5a9f0ef184281","tags":["x_transferred"]}]}]}}