CVE-2022-48634: Vulnerability in the Linux kernel
In the Linux kernel, the following vulnerability has been resolved:

drm/gma500: Fix BUG: sleeping function called from invalid context errors

gma_crtc_page_flip() was holding the event_lock spinlock while calling crtc_funcs->mode_set_base() which takes ww_mutex. The only reason to hold event_lock is to clear gma_crtc->page_flip_event on mode_set_base() errors. Instead unlock it after setting gma_crtc->page_flip_event and on errors re-take the lock and clear gma_crtc->page_flip_event if it is still set.

This fixes the following WARN/stacktrace:

[ 512.122953] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:870
[ 512.123004] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 1253, name: gnome-shell
[ 512.123031] preempt_count: 1, expected: 0
[ 512.123048] RCU nest depth: 0, expected: 0
[ 512.123066] INFO: lockdep is turned off.
[ 512.123080] irq event stamp: 0
[ 512.123094] hardirqs last enabled at (0): [<0000000000000000>] 0x0
[ 512.123134] hardirqs last disabled at (0): [<ffffffff8d0ec28c>] copy_process+0x9fc/0x1de0
[ 512.123176] softirqs last enabled at (0): [<ffffffff8d0ec28c>] copy_process+0x9fc/0x1de0
[ 512.123207] softirqs last disabled at (0): [<0000000000000000>] 0x0
[ 512.123233] Preemption disabled at:
[ 512.123241] [<0000000000000000>] 0x0
[ 512.123275] CPU: 3 PID: 1253 Comm: gnome-shell Tainted: G W 5.19.0+ #1
[ 512.123304] Hardware name: Packard Bell dot s/SJE01_CT, BIOS V1.10 07/23/2013
[ 512.123323] Call Trace:
[ 512.123346] <TASK>
[ 512.123370] dump_stack_lvl+0x5b/0x77
[ 512.123412] __might_resched.cold+0xff/0x13a
[ 512.123458] ww_mutex_lock+0x1e/0xa0
[ 512.123495] psb_gem_pin+0x2c/0x150 [gma500_gfx]
[ 512.123601] gma_pipe_set_base+0x76/0x240 [gma500_gfx]
[ 512.123708] gma_crtc_page_flip+0x95/0x130 [gma500_gfx]
[ 512.123808] drm_mode_page_flip_ioctl+0x57d/0x5d0
[ 512.123897] ? drm_mode_cursor2_ioctl+0x10/0x10
[ 512.123936] drm_ioctl_kernel+0xa1/0x150
[ 512.123984] drm_ioctl+0x21f/0x420
[ 512.124025] ? drm_mode_cursor2_ioctl+0x10/0x10
[ 512.124070] ? rcu_read_lock_bh_held+0xb/0x60
[ 512.124104] ? lock_release+0x1ef/0x2d0
[ 512.124161] __x64_sys_ioctl+0x8d/0xd0
[ 512.124203] do_syscall_64+0x58/0x80
[ 512.124239] ? do_syscall_64+0x67/0x80
[ 512.124267] ? trace_hardirqs_on_prepare+0x55/0xe0
[ 512.124300] ? do_syscall_64+0x67/0x80
[ 512.124340] ? rcu_read_lock_sched_held+0x10/0x80
[ 512.124377] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 512.124411] RIP: 0033:0x7fcc4a70740f
[ 512.124442] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 512.124470] RSP: 002b:00007ffda73f5390 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 512.124503] RAX: ffffffffffffffda RBX: 000055cc9e474500 RCX: 00007fcc4a70740f
[ 512.124524] RDX: 00007ffda73f5420 RSI: 00000000c01864b0 RDI: 0000000000000009
[ 512.124544] RBP: 00007ffda73f5420 R08: 000055cc9c0b0cb0 R09: 0000000000000034
[ 512.124564] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000c01864b0
[ 512.124584] R13: 0000000000000009 R14: 000055cc9df484d0 R15: 000055cc9af5d0c0
[ 512.124647] </TASK>
AI Analysis
Technical Summary
CVE-2022-48634 is a medium-severity vulnerability identified in the Linux kernel, specifically within the Direct Rendering Manager (DRM) subsystem for the Intel GMA500 graphics driver (gma500_gfx). The issue arises from improper locking behavior in the function gma_crtc_page_flip(), which holds the event_lock spinlock while calling crtc_funcs->mode_set_base(). The mode_set_base() function acquires a ww_mutex, and holding the event_lock spinlock during this call leads to a BUG triggered by a sleeping function being called from an invalid context. This is a violation of kernel locking rules, as sleeping functions must not be called while holding spinlocks or in atomic contexts. The bug manifests as kernel warnings and stack traces indicating improper locking and preemption states, potentially causing system instability or crashes. The root cause is that event_lock was held longer than necessary, and the fix involves unlocking event_lock immediately after setting gma_crtc->page_flip_event and re-acquiring it only if errors occur to clear the event properly. This correction prevents the BUG by ensuring that sleeping functions are not called while holding spinlocks, maintaining kernel locking discipline and system stability. The vulnerability affects Linux kernel versions identified by the commit hash 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and was published on April 28, 2024. The CVSS v3.1 score is 5.3 (medium), reflecting limited confidentiality, integrity, and availability impacts, requiring local privileges and no user interaction. No known exploits are reported in the wild at this time.
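The locking change described above, as a userspace C model added here for illustration; it is not the gma500 driver's code. The counter atomic_depth, the helpers event_lock() and event_unlock(), and the simplified mode_set_base(int) are stand-ins assumed for the model.

```c
#include <stdio.h>

/* Userspace model, not driver code: atomic_depth stands in for preempt_count. */
static int atomic_depth;      /* > 0 while the modelled event_lock is held */
static int sleep_violations;  /* sleeping calls made in atomic context */
static void *page_flip_event; /* models gma_crtc->page_flip_event */
static void event_lock(void)   { atomic_depth++; }
static void event_unlock(void) { atomic_depth--; }

/* Models mode_set_base(): takes a sleeping lock (ww_mutex), returns ret. */
static int mode_set_base(int ret) {
    if (atomic_depth > 0)     /* the condition might_sleep() reports */
        sleep_violations++;
    return ret;
}

/* Before the fix: event_lock stays held across mode_set_base(). */
static int page_flip_before(void *event, int ret) {
    event_lock();
    page_flip_event = event;
    ret = mode_set_base(ret);           /* sleeps under the spinlock */
    if (ret)
        page_flip_event = NULL;
    event_unlock();
    return ret;
}

/* After the fix: publish the event, unlock, retake the lock only on error. */
static int page_flip_after(void *event, int ret) {
    event_lock();
    page_flip_event = event;
    event_unlock();
    ret = mode_set_base(ret);           /* no spinlock held */
    if (ret) {
        event_lock();
        if (page_flip_event)            /* clear only if it is still set */
            page_flip_event = NULL;
        event_unlock();
    }
    return ret;
}

int main(void) {
    int ev;                             /* constructed stand-in for a flip event */
    page_flip_before(&ev, -1);          /* constructed case: mode_set_base() fails */
    printf("before: %d violation(s)\n", sleep_violations);
    sleep_violations = 0;
    page_flip_after(&ev, -1);
    printf("after:  %d violation(s)\n", sleep_violations);
    return 0;
}
```

In the model, the "before" path records a violation on every call, whether or not mode_set_base() fails, which matches the trace: the warning fires when the sleeping lock is taken, not on the error path.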
Potential Impact
For European organizations, the impact of CVE-2022-48634 is primarily related to system stability and reliability rather than direct data compromise or remote exploitation. Systems running Linux kernels with the affected gma500 graphics driver may experience kernel panics, crashes, or degraded graphics performance, which could disrupt operations, especially in environments relying on Linux-based desktops or servers with this specific hardware. The vulnerability requires local privileges to exploit, limiting the risk to attackers who already have some level of access. However, in sensitive environments such as critical infrastructure, government agencies, or enterprises using Linux workstations with Intel GMA500 graphics, unexpected system crashes could lead to denial of service or operational interruptions. Given the medium severity and the absence of remote exploitation vectors, the threat is moderate but should be addressed promptly to maintain system stability and prevent potential escalation from local attackers.
Mitigation Recommendations
European organizations should apply the Linux kernel patches that address this locking issue as soon as they become available from their Linux distribution vendors. Specifically, updating to kernel versions that include the fix for CVE-2022-48634 will resolve the improper locking behavior in the gma500 driver. Organizations using custom or embedded Linux kernels with the gma500 driver should backport the fix or upgrade their kernel accordingly. Additionally, system administrators should audit systems to identify those running the affected kernel versions and hardware configurations. Where possible, restrict local user privileges to minimize the risk of local exploitation. Monitoring system logs for kernel warnings or BUG messages related to locking or the gma500 driver can help detect attempts to trigger this vulnerability. For critical systems, consider isolating or limiting use of hardware with the affected graphics driver until patched. Finally, maintain regular kernel updates and vulnerability management processes to ensure timely remediation of such issues.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-02-25T13:44:28.315Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d982ec4522896dcbe5d25
Added to database: 5/21/2025, 9:09:02 AM
Last enriched: 6/30/2025, 5:55:46 PM
Last updated: 8/15/2025, 6:11:13 AM