CVE-2022-50847

Vulnerability

CVE-2022-50847 describes a NULL pointer dereference vulnerability in the Linux kernel's drm/bridge: it6505 driver. The root cause is an ordering issue: during device boot, a Hot-Plug Detection (HPD) interrupt can fire before the DRM subsystem has registered the it6505 device as a DRM bridge. At that point, the driver attempts to access the AUX channel, which has not yet been initialized, leading to a NULL pointer dereference. [1]

Exploitation

An attacker with local access or the ability to trigger a specific hardware event (HPD) on a system using the it6505 bridge could exploit this vulnerability. No special privileges are required beyond the ability to cause the HPD interrupt to occur during the boot sequence, before the DRM subsystem completes initialization of the bridge. The attack surface is the kernel's handling of display bridge initialization. [1]

Impact

Successful exploitation results in a kernel NULL pointer dereference, which typically causes a system crash (kernel panic) or denial of service. The attacker does not gain elevated privileges or access to sensitive data, but can render the system unavailable. [1]

Mitigation

The fix was applied in the Linux kernel stable tree by moving the AUX channel initialization earlier in the it6505_i2c_probe function, ensuring the channel is ready before any HPD interrupt can be processed. Users should apply the latest kernel updates from their distribution or the stable kernel repository to resolve the issue. [1]