
CVE-2022-48704: Vulnerability in Linux Linux

High
Published: Fri May 03 2024 (05/03/2024, 17:45:51 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/radeon: add a force flush to delay work when radeon

Although radeon card fence and wait for gpu to finish processing current batch rings, there is still a corner case that radeon lockup work queue may not be fully flushed, and meanwhile the radeon_suspend_kms() function has called pci_set_power_state() to put device in D3hot state.

Per PCI spec rev 4.0 on 5.3.1.4.1 D3hot State.
> Configuration and Message requests are the only TLPs accepted by a Function in
> the D3hot state. All other received Requests must be handled as Unsupported Requests,
> and all received Completions may optionally be handled as Unexpected Completions.

This issue will happen in following logs:

Unable to handle kernel paging request at virtual address 00008800e0008010
CPU 0 kworker/0:3(131): Oops 0
pc = [<ffffffff811bea5c>] ra = [<ffffffff81240844>] ps = 0000 Tainted: G W
pc is at si_gpu_check_soft_reset+0x3c/0x240
ra is at si_dma_is_lockup+0x34/0xd0
v0 = 0000000000000000 t0 = fff08800e0008010 t1 = 0000000000010000
t2 = 0000000000008010 t3 = fff00007e3c00000 t4 = fff00007e3c00258
t5 = 000000000000ffff t6 = 0000000000000001 t7 = fff00007ef078000
s0 = fff00007e3c016e8 s1 = fff00007e3c00000 s2 = fff00007e3c00018
s3 = fff00007e3c00000 s4 = fff00007fff59d80 s5 = 0000000000000000
s6 = fff00007ef07bd98
a0 = fff00007e3c00000 a1 = fff00007e3c016e8 a2 = 0000000000000008
a3 = 0000000000000001 a4 = 8f5c28f5c28f5c29 a5 = ffffffff810f4338
t8 = 0000000000000275 t9 = ffffffff809b66f8 t10 = ff6769c5d964b800
t11= 000000000000b886 pv = ffffffff811bea20 at = 0000000000000000
gp = ffffffff81d89690 sp = 00000000aa814126
Disabling lock debugging due to kernel taint
Trace:
[<ffffffff81240844>] si_dma_is_lockup+0x34/0xd0
[<ffffffff81119610>] radeon_fence_check_lockup+0xd0/0x290
[<ffffffff80977010>] process_one_work+0x280/0x550
[<ffffffff80977350>] worker_thread+0x70/0x7c0
[<ffffffff80977410>] worker_thread+0x130/0x7c0
[<ffffffff80982040>] kthread+0x200/0x210
[<ffffffff809772e0>] worker_thread+0x0/0x7c0
[<ffffffff80981f8c>] kthread+0x14c/0x210
[<ffffffff80911658>] ret_from_kernel_thread+0x18/0x20
[<ffffffff80981e40>] kthread+0x0/0x210
Code: ad3e0008 43f0074a ad7e0018 ad9e0020 8c3001e8 40230101 <88210000> 4821ed21

So force lockup work queue flush to fix this problem.

AI-Powered Analysis

Last updated: 06/30/2025, 19:13:13 UTC

Technical Analysis

CVE-2022-48704 is a vulnerability identified in the Linux kernel's Radeon DRM (Direct Rendering Manager) driver, which manages AMD Radeon graphics cards. The issue arises from an incomplete flush of the Radeon lockup work queue during GPU suspend operations. Specifically, while the Radeon driver fences and waits for the GPU to finish processing current batch rings, there exists a corner case where the lockup work queue is not fully flushed before the radeon_suspend_kms() function invokes pci_set_power_state() to transition the device into the D3hot power state. According to PCI specification revision 4.0, in the D3hot state, only Configuration and Message requests are accepted by the device function; all other requests must be treated as unsupported or unexpected. Failure to properly flush the work queue can lead to kernel paging faults and crashes, as evidenced by kernel oops logs showing invalid memory accesses during the si_gpu_check_soft_reset and si_dma_is_lockup routines. This results in system instability and potential denial of service. The root cause is a race condition between GPU suspend operations and pending work queue tasks that are not properly synchronized before power state changes. The fix involves forcing a flush of the lockup work queue to ensure all GPU-related tasks complete before the device enters the low power state, preventing invalid memory accesses and kernel panics. This vulnerability affects Linux kernel versions containing the specified commit hashes and impacts systems using Radeon GPUs with the affected driver code. No known exploits are reported in the wild as of the publication date, and no CVSS score has been assigned yet.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to systems running Linux with AMD Radeon graphics hardware, including servers, desktops, and embedded devices. The impact includes potential system crashes and denial of service due to kernel panics triggered by the improper handling of GPU suspend operations. Organizations relying on Linux-based infrastructure with Radeon GPUs may experience unexpected downtime, affecting business continuity and operational stability. Critical sectors such as finance, healthcare, manufacturing, and public services that utilize Linux servers or workstations with Radeon GPUs could face disruptions. Additionally, the vulnerability could be exploited indirectly by triggering system instability through crafted workloads or power state transitions, although no active exploits are known. The lack of authentication or user interaction requirements means that local attackers or malicious software with kernel-level access could trigger the issue. While this vulnerability does not directly lead to privilege escalation or data leakage, the resulting denial of service could be leveraged as part of a broader attack strategy to disrupt services or cause operational delays.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernels to versions where this vulnerability is patched, ensuring the Radeon DRM driver includes the forced flush fix for the lockup work queue. System administrators should:

1) Monitor and apply Linux kernel updates from trusted sources promptly, especially those related to the Radeon driver and power management subsystems.
2) Audit systems to identify the presence of affected Radeon GPUs and kernel versions using the specified commit hashes or release notes.
3) Implement kernel crash monitoring and alerting to detect early signs of this issue, enabling rapid response to potential system instability.
4) For critical systems, consider temporarily disabling GPU suspend features or configuring power management settings to avoid entering the D3hot state until patches are applied.
5) Engage with hardware vendors and Linux distribution maintainers to verify that patched kernel versions are available and tested for their environments.
6) Incorporate this vulnerability into vulnerability management and patching workflows to ensure ongoing compliance and risk reduction.

These steps go beyond generic advice by focusing on targeted patching, system auditing, and operational adjustments specific to the Radeon GPU power management context.
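The crash monitoring in step 3, as an added example that is not part of the original advisory or of the kernel project: a scanner that splits a kernel log into oops reports and flags those whose trace runs through the radeon lockup work item, using the frame names from the log in the Description. It assumes the fault-line wording shown there (other architectures word that line differently); the function name, the timestamps and the second sample report are constructed.

```python
import re

FAULT_RE = re.compile(r"Unable to handle kernel paging request at virtual address (\w+)")
PC_RE = re.compile(r"pc is at (\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")
FRAME_RE = re.compile(r"\[<[0-9a-f]+>\]\s+(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")
# Frames from the advisory's trace: the lockup check running as a work item.
SIGNATURE = ("radeon_fence_check_lockup", "process_one_work")

def find_radeon_lockup_oops(log_text):
    """Return one record per oops whose trace runs through the radeon lockup work."""
    starts = list(FAULT_RE.finditer(log_text))
    hits = []
    for i, start in enumerate(starts):
        # An oops report spans from its fault line to the next fault line (or EOF).
        end = starts[i + 1].start() if i + 1 < len(starts) else len(log_text)
        report = log_text[start.end():end]
        frames = FRAME_RE.findall(report)
        if all(name in frames for name in SIGNATURE):
            pc = PC_RE.search(report)
            hits.append({
                "fault_address": start.group(1),
                # Reported, not matched: the faulting function is chip-specific code.
                "pc": pc.group(1) if pc else None,
                "frames": frames,
            })
    return hits

# Constructed sample: the first report is abridged from the advisory's log, the
# second is an unrelated oops with made-up symbol names that must not be flagged.
SAMPLE_LOG = """\
[ 1042.118204] Unable to handle kernel paging request at virtual address 00008800e0008010
[ 1042.118210] CPU 0 kworker/0:3(131): Oops 0
[ 1042.118215] pc is at si_gpu_check_soft_reset+0x3c/0x240
[ 1042.118219] ra is at si_dma_is_lockup+0x34/0xd0
[ 1042.118230] Trace:
[ 1042.118233] [<ffffffff81240844>] si_dma_is_lockup+0x34/0xd0
[ 1042.118236] [<ffffffff81119610>] radeon_fence_check_lockup+0xd0/0x290
[ 1042.118239] [<ffffffff80977010>] process_one_work+0x280/0x550
[ 1042.118242] [<ffffffff80977350>] worker_thread+0x70/0x7c0
[ 2210.507311] Unable to handle kernel paging request at virtual address 0000000000000040
[ 2210.507318] pc is at example_timer_fn+0x10/0x80
[ 2210.507325] Trace:
[ 2210.507329] [<ffffffff80a00010>] example_timer_fn+0x10/0x80
[ 2210.507333] [<ffffffff80977010>] process_one_work+0x280/0x550
"""

if __name__ == "__main__":
    for hit in find_radeon_lockup_oops(SAMPLE_LOG):
        print("radeon lockup-work oops at", hit["fault_address"], "pc:", hit["pc"])
```

Because reports are delimited by fault lines rather than by newlines, the same function also works on a log that has been flattened onto one line, as the one in the Description was.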


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-03T14:55:07.146Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982ec4522896dcbe5ed9

Added to database: 5/21/2025, 9:09:02 AM

Last enriched: 6/30/2025, 7:13:13 PM

Last updated: 8/12/2025, 4:40:39 AM
