CVE-2022-49221: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a vulnerability was discovered in the DisplayPort (DP) driver for MSM platforms. The issue occurs when handling EDID (Extended Display Identification Data) checksums during DP CTS test case 4.2.2.6. The vulnerability was disclosed in February 2025 and affects the drm/msm/dp subsystem (NVD).

The vulnerability stems from a NULL pointer dereference in the dppanelhandlesinkrequest() function. During DRM EDID read operations, the correct EDID checksum is calculated and stored in connector::realedidchecksum. However, the struct dppanel::connector is never assigned, while the connector is incorrectly stored in struct msmdp::connector. When running compliance test case 4.2.2.6, which intentionally uses valid EDID with bad checksum, the code attempts to access the connector's realedidchecksum through an uninitialized pointer (Kernel Commit).

When triggered, this vulnerability results in a NULL pointer dereference that can cause a kernel crash, leading to a denial of service condition. This is particularly impactful during DisplayPort compliance testing scenarios.

The issue has been fixed by properly populating the panel connector at msmdpmodesetinit(). The fix involves assigning dpdisplay->connector to dp_priv->panel->connector before it's used. The patch has been merged into the Linux kernel (Kernel Commit).