CVE-2022-48888: drm/msm/dpu: Fix memory leak in msm_mdss_parse_data_bus_icc_path
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/dpu: Fix memory leak in msm_mdss_parse_data_bus_icc_path
of_icc_get() alloc resources for path1, we should release it when not
need anymore. Early return when IS_ERR_OR_NULL(path0) may leak path1.
Defer getting path1 to fix this.
Patchwork: https://patchwork.freedesktop.org/patch/514264/
Security readout for executives and security teams
Plain-English summary
CVE-2022-48888 is a Linux kernel memory leak in the MSM display subsystem code. It may waste kernel resources when the affected path is reached. The public sources do not show active exploitation, CVSS scoring, or a broad business-impact statement.
Executive priority
Handle through normal kernel patch management, with priority for MSM-based devices or products where display-driver stability matters. No source provided supports emergency treatment or active exploitation.
Technical view
The fix changes drm/msm/dpu msm_mdss_parse_data_bus_icc_path so an interconnect path allocated by of_icc_get is not leaked when an early return occurs for path0. The issue is kernel-resource lifetime handling, not a documented code-execution flaw in the provided sources.
Likely exposure
Exposure appears limited to Linux kernels using the affected drm/msm/dpu code path, commonly tied to MSM display support. Confirm with kernel version, configuration, device tree, and vendor kernel backports.
Exploitation context
The source bundle marks KEV as false and provides no evidence of public exploitation. Impact details are incomplete; treat it as a resource-leak maintenance issue unless vendor guidance says otherwise.
Researcher notes
Evidence supports a memory leak caused by resource acquisition before an error-path return. The bundle does not provide CVSS, CWE, exploitability analysis, or detailed affected-version ranges beyond Linux kernel metadata and stable commit references.
Mitigation direction
Check Linux vendor advisories for CVE-2022-48888 coverage.
Update to a kernel containing the referenced stable fixes.
Confirm downstream vendor kernels backported the fix.
Prioritize exposed MSM display platforms over unrelated Linux systems.
Monitor kernel memory pressure on affected device classes.
Validation and detection
Inventory Linux kernel versions on relevant systems.
Check kernel changelogs for the referenced stable commits.
Verify whether drm/msm/dpu support is enabled or present.
Confirm vendor packages map to fixed upstream commits.
Document systems deferred due to unavailable vendor guidance.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2022-48888 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.