{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50332","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-09-15T14:18:36.816Z","datePublished":"2025-09-15T14:49:42.733Z","dateUpdated":"2026-05-11T19:17:24.374Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:17:24.374Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nvideo/aperture: Call sysfb_disable() before removing PCI devices\n\nCall sysfb_disable() from aperture_remove_conflicting_pci_devices()\nbefore removing PCI devices. Without, simpledrm can still bind to\nsimple-framebuffer devices after the hardware driver has taken over\nthe hardware. Both drivers interfere with each other and results are\nundefined.\n\nReported modesetting errors [1] are shown below.\n\n---- snap ----\nrcu: INFO: rcu_sched detected expedited stalls on CPUs/tasks: { 13-.... } 7 jiffies s: 165 root: 0x2000/.\nrcu: blocking rcu_node structures (internal RCU debug):\nTask dump for CPU 13:\ntask:X               state:R  running task     stack:    0 pid: 4242 ppid:  4228 flags:0x00000008\nCall Trace:\n <TASK>\n ? commit_tail+0xd7/0x130\n ? drm_atomic_helper_commit+0x126/0x150\n ? drm_atomic_commit+0xa4/0xe0\n ? drm_plane_get_damage_clips.cold+0x1c/0x1c\n ? drm_atomic_helper_dirtyfb+0x19e/0x280\n ? drm_mode_dirtyfb_ioctl+0x10f/0x1e0\n ? drm_mode_getfb2_ioctl+0x2d0/0x2d0\n ? drm_ioctl_kernel+0xc4/0x150\n ? drm_ioctl+0x246/0x3f0\n ? drm_mode_getfb2_ioctl+0x2d0/0x2d0\n ? __x64_sys_ioctl+0x91/0xd0\n ? do_syscall_64+0x60/0xd0\n ? entry_SYSCALL_64_after_hwframe+0x4b/0xb5\n </TASK>\n...\nrcu: INFO: rcu_sched detected expedited stalls on CPUs/tasks: { 13-.... } 30 jiffies s: 169 root: 0x2000/.\nrcu: blocking rcu_node structures (internal RCU debug):\nTask dump for CPU 13:\ntask:X               state:R  running task     stack:    0 pid: 4242 ppid:  4228 flags:0x0000400e\nCall Trace:\n <TASK>\n ? memcpy_toio+0x76/0xc0\n ? memcpy_toio+0x1b/0xc0\n ? drm_fb_memcpy_toio+0x76/0xb0\n ? drm_fb_blit_toio+0x75/0x2b0\n ? simpledrm_simple_display_pipe_update+0x132/0x150\n ? drm_atomic_helper_commit_planes+0xb6/0x230\n ? drm_atomic_helper_commit_tail+0x44/0x80\n ? commit_tail+0xd7/0x130\n ? drm_atomic_helper_commit+0x126/0x150\n ? drm_atomic_commit+0xa4/0xe0\n ? drm_plane_get_damage_clips.cold+0x1c/0x1c\n ? drm_atomic_helper_dirtyfb+0x19e/0x280\n ? drm_mode_dirtyfb_ioctl+0x10f/0x1e0\n ? drm_mode_getfb2_ioctl+0x2d0/0x2d0\n ? drm_ioctl_kernel+0xc4/0x150\n ? drm_ioctl+0x246/0x3f0\n ? drm_mode_getfb2_ioctl+0x2d0/0x2d0\n ? __x64_sys_ioctl+0x91/0xd0\n ? do_syscall_64+0x60/0xd0\n ? entry_SYSCALL_64_after_hwframe+0x4b/0xb5\n </TASK>\n\nThe problem was added by commit 5e0137612430 (\"video/aperture: Disable\nand unregister sysfb devices via aperture helpers\") to v6.0.3 and does\nnot exist in the mainline branch.\n\nThe mainline commit 5e0137612430 (\"video/aperture: Disable and\nunregister sysfb devices via aperture helpers\") has been backported\nfrom v6.0-rc1 to stable v6.0.3 from a larger patch series [2] that\nreworks fbdev framebuffer ownership. The backport misses a change to\naperture_remove_conflicting_pci_devices(). Mainline itself is fine,\nbecause the function does not exist there as a result of the patch\nseries.\n\nInstead of backporting the whole series, fix the additional function."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/video/aperture.c"],"versions":[{"version":"cfecfc98a78d97a49807531b5b224459bda877de","lessThan":"25a6688f27ff54f97adf7cce1d7e18c38bf51eb4","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/video/aperture.c"],"versions":[{"version":"6.0.3","lessThan":"6.0.6","status":"affected","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.3","versionEndExcluding":"6.0.6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/25a6688f27ff54f97adf7cce1d7e18c38bf51eb4"}],"title":"video/aperture: Call sysfb_disable() before removing PCI devices","x_generator":{"engine":"bippy-1.2.0"}}}}