CVE-2022-49510: drm/omap: fix NULL but dereferenced coccicheck error
In the Linux kernel, the following vulnerability has been resolved:
drm/omap: fix NULL but dereferenced coccicheck error
Fix the following coccicheck warning:
./drivers/gpu/drm/omapdrm/omap_overlay.c:89:22-25: ERROR: r_ovl is NULL
but dereferenced.
Here should be ovl->idx rather than r_ovl->idx.
Security readout for executives and security teams
Plain-English summary
CVE-2022-49510 is a Linux kernel NULL pointer dereference in the OMAP DRM display driver. A local authenticated user could potentially trigger a kernel crash or denial of service. The reported impact is availability only, with no confidentiality or integrity impact identified in the provided sources.
Executive priority
Treat as a moderate operational stability issue. Prioritize patching exposed Linux systems, especially embedded or display-dependent environments, but this is not presented as a remote compromise or data-theft vulnerability.
Technical view
The flaw is CWE-476 in drivers/gpu/drm/omapdrm/omap_overlay.c. The vulnerable code dereferenced r_ovl when it could be NULL; the fix uses ovl->idx instead. CVSS 3.1 is 5.5: local attack vector, low complexity, low privileges, no user interaction, high availability impact.
Likely exposure
Exposure appears limited to Linux systems running affected kernels with the OMAP DRM driver path present or usable. The source data identifies Linux as affected and references stable kernel fixes, but does not provide distribution package status.
Exploitation context
The bundle does not report active exploitation, and KEV is false. The CVSS vector requires local access with low privileges. No public exploit details or weaponization evidence are provided in the supplied sources.
Researcher notes
Evidence supports a local denial-of-service risk from a NULL dereference in drm/omap. Affected-version details in the bundle are sparse and somewhat inconsistent, so rely on kernel stable commits and distribution advisories for exact fixed builds.
Mitigation direction
Apply Linux stable kernel updates containing the referenced fixes.
Check downstream Linux distribution advisories for patched kernel package availability.
Prioritize systems using OMAP DRM or embedded display stacks.
If patching is delayed, review vendor guidance for driver-specific mitigations.
Validation and detection
Inventory Linux kernel versions and distribution package revisions.
Check whether the OMAP DRM driver is built, loaded, or required.
Confirm deployed kernels include one of the referenced stable fixes.
Run existing regression tests for display and boot stability after updating.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-476: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-476 · source CWE mapping
NULL Pointer Dereference
NULL Pointer Dereference represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.