CVE-2022-48898: drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer
There are 3 possible interrupt sources are handled by DP controller,
HPDstatus, Controller state changes and Aux read/write transaction.
At every irq, DP controller have to check isr status of every interrupt
sources and service the interrupt if its isr status bits shows interrupts
are pending. There is potential race condition may happen at current aux
isr handler implementation since it is always complete dp_aux_cmd_fifo_tx()
even irq is not for aux read or write transaction. This may cause aux read
transaction return premature if host aux data read is in the middle of
waiting for sink to complete transferring data to host while irq happen.
This will cause host's receiving buffer contains unexpected data. This
patch fixes this problem by checking aux isr and return immediately at
aux isr handler if there are no any isr status bits set.
Current there is a bug report regrading eDP edid corruption happen during
system booting up. After lengthy debugging to found that VIDEO_READY
interrupt was continuously firing during system booting up which cause
dp_aux_isr() to complete dp_aux_cmd_fifo_tx() prematurely to retrieve data
from aux hardware buffer which is not yet contains complete data transfer
from sink. This cause edid corruption.
Follows are the signature at kernel logs when problem happen,
EDID has corrupt header
panel-simple-dp-aux aux-aea0000.edp: Couldn't identify panel via EDID
Changes in v2:
-- do complete if (ret == IRQ_HANDLED) ay dp-aux_isr()
-- add more commit text
Changes in v3:
-- add Stephen suggested
-- dp_aux_isr() return IRQ_XXX back to caller
-- dp_ctrl_isr() return IRQ_XXX back to caller
Changes in v4:
-- split into two patches
Changes in v5:
-- delete empty line between tags
Changes in v6:
-- remove extra "that" and fixed line more than 75 char at commit text
Patchwork: https://patchwork.freedesktop.org/patch/516121/
Security readout for executives and security teams
Plain-English summary
CVE-2022-48898 is a Linux kernel display-driver race condition affecting the Qualcomm MSM DisplayPort/eDP path. An unrelated interrupt can prematurely complete an AUX data transfer, causing corrupted EDID display data. Reported symptoms include boot-time panel identification failure. Public sources do not show remote code execution or active exploitation.
Executive priority
Treat as a targeted reliability and availability issue for affected Linux display platforms, not a broad enterprise emergency. Prioritize embedded, mobile, or appliance fleets using Qualcomm MSM display hardware where boot display reliability matters.
Technical view
The drm/msm/dp AUX interrupt handler completed dp_aux_cmd_fifo_tx() even when the interrupt was not for an AUX transfer. During boot, repeated VIDEO_READY interrupts could cause premature reads from the AUX hardware buffer, corrupting EDID. The fix checks AUX ISR status and returns when no AUX interrupt bits are set.
Likely exposure
Exposure is likely limited to Linux systems using the MSM DRM DisplayPort/eDP controller and kernels containing the vulnerable code. The CVE record lists Linux kernel versions and stable fixes, but distribution-specific affected status requires vendor confirmation.
Exploitation context
The sources describe a race condition triggered by device interrupt timing, with observed EDID corruption during boot. There is no KEV listing and no cited evidence of active exploitation or a public exploit.
Researcher notes
The CVE record lacks CVSS, CWE, and detailed distro impact. Analysis should focus on kernel lineage, presence of the drm/msm/dp AUX handler fix, and hardware applicability. Avoid assuming exposure on systems without MSM DisplayPort/eDP support.
Mitigation direction
Update to a vendor-supported kernel containing the referenced stable fixes.
Check Linux distribution or device vendor advisories for affected kernel builds.
Prioritize devices using Qualcomm MSM DisplayPort or embedded DisplayPort hardware.
Validation and detection
Inventory Linux kernel versions on devices using MSM DisplayPort or eDP.
Confirm whether referenced stable commits are present in the deployed kernel.
Review boot logs for EDID corrupt header or panel identification failures.
Validate display behavior after applying the vendor kernel update.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2022-48898 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.