{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-49960","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-06-18T10:57:27.383Z","datePublished":"2025-06-18T11:00:21.621Z","dateUpdated":"2026-05-11T19:10:00.494Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:10:00.494Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: fix null pointer dereference\n\nAsus chromebook CX550 crashes during boot on v5.17-rc1 kernel.\nThe root cause is null pointer defeference of bi_next\nin tgl_get_bw_info() in drivers/gpu/drm/i915/display/intel_bw.c.\n\nBUG: kernel NULL pointer dereference, address: 000000000000002e\nPGD 0 P4D 0\nOops: 0002 [#1] PREEMPT SMP NOPTI\nCPU: 0 PID: 1 Comm: swapper/0 Tainted: G U 5.17.0-rc1\nHardware name: Google Delbin/Delbin, BIOS Google_Delbin.13672.156.3 05/14/2021\nRIP: 0010:tgl_get_bw_info+0x2de/0x510\n...\n[ 2.554467] Call Trace:\n[ 2.554467] \n[ 2.554467] intel_bw_init_hw+0x14a/0x434\n[ 2.554467] ? _printk+0x59/0x73\n[ 2.554467] ? _dev_err+0x77/0x91\n[ 2.554467] i915_driver_hw_probe+0x329/0x33e\n[ 2.554467] i915_driver_probe+0x4c8/0x638\n[ 2.554467] i915_pci_probe+0xf8/0x14e\n[ 2.554467] ? _raw_spin_unlock_irqrestore+0x12/0x2c\n[ 2.554467] pci_device_probe+0xaa/0x142\n[ 2.554467] really_probe+0x13f/0x2f4\n[ 2.554467] __driver_probe_device+0x9e/0xd3\n[ 2.554467] driver_probe_device+0x24/0x7c\n[ 2.554467] __driver_attach+0xba/0xcf\n[ 2.554467] ? driver_attach+0x1f/0x1f\n[ 2.554467] bus_for_each_dev+0x8c/0xc0\n[ 2.554467] bus_add_driver+0x11b/0x1f7\n[ 2.554467] driver_register+0x60/0xea\n[ 2.554467] ? mipi_dsi_bus_init+0x16/0x16\n[ 2.554467] i915_init+0x2c/0xb9\n[ 2.554467] ? mipi_dsi_bus_init+0x16/0x16\n[ 2.554467] do_one_initcall+0x12e/0x2b3\n[ 2.554467] do_initcall_level+0xd6/0xf3\n[ 2.554467] do_initcalls+0x4e/0x79\n[ 2.554467] kernel_init_freeable+0xed/0x14d\n[ 2.554467] ? rest_init+0xc1/0xc1\n[ 2.554467] kernel_init+0x1a/0x120\n[ 2.554467] ret_from_fork+0x1f/0x30\n[ 2.554467] \n...\nKernel panic - not syncing: Fatal exception\n\n(cherry picked from commit c247cd03898c4c43c3bce6d4014730403bc13032)"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/i915/display/intel_bw.c"],"versions":[{"version":"c64a9a7c05beb2b71b7496d873654f88e1a08593","lessThan":"c2798203315f4729bab0b917bf4c17a159abf9f8","status":"affected","versionType":"git"},{"version":"c64a9a7c05beb2b71b7496d873654f88e1a08593","lessThan":"458ec0c8f35963626ccd51c3d50b752de5f1b9d4","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/i915/display/intel_bw.c"],"versions":[{"version":"5.17","status":"affected"},{"version":"0","lessThan":"5.17","status":"unaffected","versionType":"semver"},{"version":"5.19.8","lessThanOrEqual":"5.19.*","status":"unaffected","versionType":"semver"},{"version":"6.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"5.19.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/c2798203315f4729bab0b917bf4c17a159abf9f8"},{"url":"https://git.kernel.org/stable/c/458ec0c8f35963626ccd51c3d50b752de5f1b9d4"}],"title":"drm/i915: fix null pointer dereference","x_generator":{"engine":"bippy-1.2.0"}}}}