CVE-2022-49490: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49490 affects the Linux kernel's mdp5 (Mobile Display Processor 5) subsystem. The vulnerability was discovered when it was found that mdp5getglobalstate function could encounter a deadlock condition when acquiring the modeset lock, potentially leading to a NULL dereference error in the mdp5pipe_release function (Kernel Commit).

The vulnerability exists in the DRM (Direct Rendering Manager) MSM driver's MDP5 component. The issue occurs because mdp5piperelease doesn't properly check for errors returned by mdp5getglobalstate when acquiring the modeset lock. This oversight can result in a NULL dereference if mdp5getglobalstate returns -EDEADLK. The fix involves modifying mdp5piperelease to return an error code and properly handle cases where mdp5getglobal_state fails (Kernel Commit).

The vulnerability could lead to a system crash due to NULL pointer dereference when the deadlock condition is triggered in the mdp5piperelease function. This primarily affects systems using the MSM DRM driver with MDP5 display hardware (CERT-FR).

The issue has been fixed by modifying the mdp5piperelease function to properly handle error conditions from mdp5getglobalstate and propagate the error codes appropriately. The fix includes checking for ISERR return values and returning appropriate error codes instead of continuing with potentially invalid state. Users should update to patched kernel versions that include this fix (Kernel Commit).