{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-49247","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-02-26T01:49:39.295Z","datePublished":"2025-02-26T01:56:06.224Z","dateUpdated":"2025-05-04T08:33:17.999Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:33:17.999Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED\n\nIf the callback 'start_streaming' fails, then all\nqueued buffers in the driver should be returned with\nstate 'VB2_BUF_STATE_QUEUED'. Currently, they are\nreturned with 'VB2_BUF_STATE_ERROR' which is wrong.\nFix this. This also fixes the warning:\n\n[   65.583633] WARNING: CPU: 5 PID: 593 at drivers/media/common/videobuf2/videobuf2-core.c:1612 vb2_start_streaming+0xd4/0x160 [videobuf2_common]\n[   65.585027] Modules linked in: snd_usb_audio snd_hwdep snd_usbmidi_lib snd_rawmidi snd_soc_hdmi_codec dw_hdmi_i2s_audio saa7115 stk1160 videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_common videodev mc crct10dif_ce panfrost snd_soc_simple_card snd_soc_audio_graph_card snd_soc_spdif_tx snd_soc_simple_card_utils gpu_sched phy_rockchip_pcie snd_soc_rockchip_i2s rockchipdrm analogix_dp dw_mipi_dsi dw_hdmi cec drm_kms_helper drm rtc_rk808 rockchip_saradc industrialio_triggered_buffer kfifo_buf rockchip_thermal pcie_rockchip_host ip_tables x_tables ipv6\n[   65.589383] CPU: 5 PID: 593 Comm: v4l2src0:src Tainted: G        W         5.16.0-rc4-62408-g32447129cb30-dirty #14\n[   65.590293] Hardware name: Radxa ROCK Pi 4B (DT)\n[   65.590696] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   65.591304] pc : vb2_start_streaming+0xd4/0x160 [videobuf2_common]\n[   65.591850] lr : vb2_start_streaming+0x6c/0x160 [videobuf2_common]\n[   65.592395] sp : ffff800012bc3ad0\n[   65.592685] x29: ffff800012bc3ad0 x28: 0000000000000000 x27: ffff800012bc3cd8\n[   65.593312] x26: 0000000000000000 x25: ffff00000d8a7800 x24: 0000000040045612\n[   65.593938] x23: ffff800011323000 x22: ffff800012bc3cd8 x21: ffff00000908a8b0\n[   65.594562] x20: ffff00000908a8c8 x19: 00000000fffffff4 x18: ffffffffffffffff\n[   65.595188] x17: 000000040044ffff x16: 00400034b5503510 x15: ffff800011323f78\n[   65.595813] x14: ffff000013163886 x13: ffff000013163885 x12: 00000000000002ce\n[   65.596439] x11: 0000000000000028 x10: 0000000000000001 x9 : 0000000000000228\n[   65.597064] x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff726c5e78\n[   65.597690] x5 : ffff800012bc3990 x4 : 0000000000000000 x3 : ffff000009a34880\n[   65.598315] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000007cd99f0\n[   65.598940] Call trace:\n[   65.599155]  vb2_start_streaming+0xd4/0x160 [videobuf2_common]\n[   65.599672]  vb2_core_streamon+0x17c/0x1a8 [videobuf2_common]\n[   65.600179]  vb2_streamon+0x54/0x88 [videobuf2_v4l2]\n[   65.600619]  vb2_ioctl_streamon+0x54/0x60 [videobuf2_v4l2]\n[   65.601103]  v4l_streamon+0x3c/0x50 [videodev]\n[   65.601521]  __video_do_ioctl+0x1a4/0x428 [videodev]\n[   65.601977]  video_usercopy+0x320/0x828 [videodev]\n[   65.602419]  video_ioctl2+0x3c/0x58 [videodev]\n[   65.602830]  v4l2_ioctl+0x60/0x90 [videodev]\n[   65.603227]  __arm64_sys_ioctl+0xa8/0xe0\n[   65.603576]  invoke_syscall+0x54/0x118\n[   65.603911]  el0_svc_common.constprop.3+0x84/0x100\n[   65.604332]  do_el0_svc+0x34/0xa0\n[   65.604625]  el0_svc+0x1c/0x50\n[   65.604897]  el0t_64_sync_handler+0x88/0xb0\n[   65.605264]  el0t_64_sync+0x16c/0x170\n[   65.605587] ---[ end trace 578e0ba07742170d ]---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/media/usb/stk1160/stk1160-core.c","drivers/media/usb/stk1160/stk1160-v4l.c","drivers/media/usb/stk1160/stk1160.h"],"versions":[{"version":"8ac456495a33d9466076fea94594181ceefb76d9","lessThan":"03054f22d5abd80ad89547512c2bfbfb2714d3ed","status":"affected","versionType":"git"},{"version":"8ac456495a33d9466076fea94594181ceefb76d9","lessThan":"f04a520a422222fc921bf035dc67414c500a286a","status":"affected","versionType":"git"},{"version":"8ac456495a33d9466076fea94594181ceefb76d9","lessThan":"3cc050df73e3d973f1870a8dc0e177e77670bc7f","status":"affected","versionType":"git"},{"version":"8ac456495a33d9466076fea94594181ceefb76d9","lessThan":"4d68603cc4382174bc1e7d532e10675c48c6b257","status":"affected","versionType":"git"},{"version":"8ac456495a33d9466076fea94594181ceefb76d9","lessThan":"a09e9882800fdfc5aab93f77c3f0132071d2191b","status":"affected","versionType":"git"},{"version":"8ac456495a33d9466076fea94594181ceefb76d9","lessThan":"2874122ca4ca74adec72d6d6bf8828228ec20f15","status":"affected","versionType":"git"},{"version":"8ac456495a33d9466076fea94594181ceefb76d9","lessThan":"f66e6fd1488d26229f11d86616de1b658c70fa8a","status":"affected","versionType":"git"},{"version":"8ac456495a33d9466076fea94594181ceefb76d9","lessThan":"fbe04b49a54e31f4321d632270207f0e6304cd16","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/media/usb/stk1160/stk1160-core.c","drivers/media/usb/stk1160/stk1160-v4l.c","drivers/media/usb/stk1160/stk1160.h"],"versions":[{"version":"3.7","status":"affected"},{"version":"0","lessThan":"3.7","status":"unaffected","versionType":"semver"},{"version":"4.14.276","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.238","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.189","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.110","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.33","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.16.19","lessThanOrEqual":"5.16.*","status":"unaffected","versionType":"semver"},{"version":"5.17.2","lessThanOrEqual":"5.17.*","status":"unaffected","versionType":"semver"},{"version":"5.18","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"4.14.276"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"4.19.238"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"5.4.189"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"5.10.110"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"5.15.33"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"5.16.19"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"5.17.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"5.18"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/03054f22d5abd80ad89547512c2bfbfb2714d3ed"},{"url":"https://git.kernel.org/stable/c/f04a520a422222fc921bf035dc67414c500a286a"},{"url":"https://git.kernel.org/stable/c/3cc050df73e3d973f1870a8dc0e177e77670bc7f"},{"url":"https://git.kernel.org/stable/c/4d68603cc4382174bc1e7d532e10675c48c6b257"},{"url":"https://git.kernel.org/stable/c/a09e9882800fdfc5aab93f77c3f0132071d2191b"},{"url":"https://git.kernel.org/stable/c/2874122ca4ca74adec72d6d6bf8828228ec20f15"},{"url":"https://git.kernel.org/stable/c/f66e6fd1488d26229f11d86616de1b658c70fa8a"},{"url":"https://git.kernel.org/stable/c/fbe04b49a54e31f4321d632270207f0e6304cd16"}],"title":"media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED","x_generator":{"engine":"bippy-1.2.0"}}}}