CVE-2022-50292

Name	CVE-2022-50292
Description	In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix bridge lifetime Device-managed resources allocated post component bind must be tied to the lifetime of the aggregate DRM device or they will not necessarily be released when binding of the aggregate device is deferred. This can lead resource leaks or failure to bind the aggregate device when binding is later retried and a second attempt to allocate the resources is made. For the DP bridges, previously allocated bridges will leak on probe deferral. Fix this by amending the DP parser interface and tying the lifetime of the bridge device to the DRM device rather than DP platform device. Patchwork: https://patchwork.freedesktop.org/patch/502667/
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
linux (PTS)	bullseye	5.10.223-1	fixed
	bullseye (security)	5.10.237-1	fixed
	bookworm	6.1.148-1	fixed
	bookworm (security)	6.1.147-1	fixed
	trixie	6.12.43-1	fixed
	trixie (security)	6.12.41-1	fixed
	forky	6.16.3-1	fixed
	sid	6.16.7-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
linux	source	bullseye	(not affected)
linux	source	(unstable)	6.0.7-1

[bullseye] - linux <not-affected> (Vulnerable code not present)
https://git.kernel.org/linus/16194958f888d63839042d1190f7001e5ddec47b (6.1-rc3)