LiveActive security incident?Get immediate response
CVE Record

CVE-2022-48898: drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer There are 3 possible interrupt sources are handled by DP controller, HPDstatus, Controller state changes and Aux read/write transaction. At every irq, DP controller have to check isr status of every interrupt sources and service the interrupt if its isr status bits shows interrupts are pending. There is potential race condition may happen at current aux isr handler implementation since it is always complete dp_aux_cmd_fifo_tx() even irq is not for aux read or write transaction. This may cause aux read transaction return premature if host aux data read is in the middle of waiting for sink to complete transferring data to host while irq happen. This will cause host's receiving buffer contains unexpected data. This patch fixes this problem by checking aux isr and return immediately at aux isr handler if there are no any isr status bits set. Current there is a bug report regrading eDP edid corruption happen during system booting up. After lengthy debugging to found that VIDEO_READY interrupt was continuously firing during system booting up which cause dp_aux_isr() to complete dp_aux_cmd_fifo_tx() prematurely to retrieve data from aux hardware buffer which is not yet contains complete data transfer from sink. This cause edid corruption. Follows are the signature at kernel logs when problem happen, EDID has corrupt header panel-simple-dp-aux aux-aea0000.edp: Couldn't identify panel via EDID Changes in v2: -- do complete if (ret == IRQ_HANDLED) ay dp-aux_isr() -- add more commit text Changes in v3: -- add Stephen suggested -- dp_aux_isr() return IRQ_XXX back to caller -- dp_ctrl_isr() return IRQ_XXX back to caller Changes in v4: -- split into two patches Changes in v5: -- delete empty line between tags Changes in v6: -- remove extra "that" and fixed line more than 75 char at commit text Patchwork: https://patchwork.freedesktop.org/patch/516121/

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2022-48898 is a Linux kernel display-driver race condition affecting the Qualcomm MSM DisplayPort/eDP path. An unrelated interrupt can prematurely complete an AUX data transfer, causing corrupted EDID display data. Reported symptoms include boot-time panel identification failure. Public sources do not show remote code execution or active exploitation.

Executive priority

Treat as a targeted reliability and availability issue for affected Linux display platforms, not a broad enterprise emergency. Prioritize embedded, mobile, or appliance fleets using Qualcomm MSM display hardware where boot display reliability matters.

Technical view

The drm/msm/dp AUX interrupt handler completed dp_aux_cmd_fifo_tx() even when the interrupt was not for an AUX transfer. During boot, repeated VIDEO_READY interrupts could cause premature reads from the AUX hardware buffer, corrupting EDID. The fix checks AUX ISR status and returns when no AUX interrupt bits are set.

Likely exposure

Exposure is likely limited to Linux systems using the MSM DRM DisplayPort/eDP controller and kernels containing the vulnerable code. The CVE record lists Linux kernel versions and stable fixes, but distribution-specific affected status requires vendor confirmation.

Exploitation context

The sources describe a race condition triggered by device interrupt timing, with observed EDID corruption during boot. There is no KEV listing and no cited evidence of active exploitation or a public exploit.

Researcher notes

The CVE record lacks CVSS, CWE, and detailed distro impact. Analysis should focus on kernel lineage, presence of the drm/msm/dp AUX handler fix, and hardware applicability. Avoid assuming exposure on systems without MSM DisplayPort/eDP support.

Mitigation direction

  • Update to a vendor-supported kernel containing the referenced stable fixes.
  • Check Linux distribution or device vendor advisories for affected kernel builds.
  • Prioritize devices using Qualcomm MSM DisplayPort or embedded DisplayPort hardware.

Validation and detection

  • Inventory Linux kernel versions on devices using MSM DisplayPort or eDP.
  • Confirm whether referenced stable commits are present in the deployed kernel.
  • Review boot logs for EDID corrupt header or panel identification failures.
  • Validate display behavior after applying the vendor kernel update.
Prepared
Confidence
medium
Sources
6

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2022-48898 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
1ADP providers
5Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxc943b4948b5848fc0e07f875edbd35a973879e22, c943b4948b5848fc0e07f875edbd35a973879e22, c943b4948b5848fc0e07f875edbd35a973879e22, c943b4948b5848fc0e07f875edbd35a973879e22unaffected
LinuxLinux5.10, 0, 5.10.164, 5.15.89, 6.1.7, 6.2affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.