CVE-2022-50750

What the vulnerability is

The vulnerability resides in the probe function of the DRM panel driver for Sitronix ST7701 (panel-sitronix-st7701). When mipi_dsi_attach() fails, the previously registered panel via drm_panel_add() is not removed, causing a memory leak and leaving stale references. The fix adds a call to drm_panel_remove() in the error path. [1][2][3]

How it is exploited

The condition is triggered if the MIPI DSI attach operation fails, which can occur due to hardware malfunctions or maliciously crafted DSI peripherals. An attacker with physical or local access to manipulate device connection may cause repeated probe failures, exacerbating the leak. No authentication is required as the kernel performs the probe automatically.

Impact

The memory leak results in gradual depletion of kernel memory, potentially leading to system slowdowns or denial of service. No evidence suggests that the leak can be exploited for code execution or privilege escalation.

Mitigation

The fix has been merged into multiple Linux kernel stable branches (commits 13fc167e1645, 0b7c47b7f358, 23fddf78eac8) [1][2][3]. Users are advised to update their kernels to incorporate the patch.