
CVE-2022-49069: Vulnerability in Linux Linux

Medium
Published: Wed Feb 26 2025 (02/26/2025, 01:54:35 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw

[Why]
Below general protection fault observed when WebGL Aquarium is run for longer duration. If drm debug logs are enabled and set to 0x1f then the issue is observed within 10 minutes of run.

[ 100.717056] general protection fault, probably for non-canonical address 0x2d33302d32323032: 0000 [#1] PREEMPT SMP NOPTI
[ 100.727921] CPU: 3 PID: 1906 Comm: DrmThread Tainted: G W 5.15.30 #12 d726c6a2d6ebe5cf9223931cbca6892f916fe18b
[ 100.754419] RIP: 0010:CalculateSwathWidth+0x1f7/0x44f
[ 100.767109] Code: 00 00 00 f2 42 0f 11 04 f0 48 8b 85 88 00 00 00 f2 42 0f 10 04 f0 48 8b 85 98 00 00 00 f2 42 0f 11 04 f0 48 8b 45 10 0f 57 c0 <f3> 42 0f 2a 04 b0 0f 57 c9 f3 43 0f 2a 0c b4 e8 8c e2 f3 ff 48 8b
[ 100.781269] RSP: 0018:ffffa9230079eeb0 EFLAGS: 00010246
[ 100.812528] RAX: 2d33302d32323032 RBX: 0000000000000500 RCX: 0000000000000000
[ 100.819656] RDX: 0000000000000001 RSI: ffff99deb712c49c RDI: 0000000000000000
[ 100.826781] RBP: ffffa9230079ef50 R08: ffff99deb712460c R09: ffff99deb712462c
[ 100.833907] R10: ffff99deb7124940 R11: ffff99deb7124d70 R12: ffff99deb712ae44
[ 100.841033] R13: 0000000000000001 R14: 0000000000000000 R15: ffffa9230079f0a0
[ 100.848159] FS: 00007af121212640(0000) GS:ffff99deba780000(0000) knlGS:0000000000000000
[ 100.856240] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 100.861980] CR2: 0000209000fe1000 CR3: 000000011b18c000 CR4: 0000000000350ee0
[ 100.869106] Call Trace:
[ 100.871555] <TASK>
[ 100.873655] ? asm_sysvec_reschedule_ipi+0x12/0x20
[ 100.878449] CalculateSwathAndDETConfiguration+0x1a3/0x6dd
[ 100.883937] dml31_ModeSupportAndSystemConfigurationFull+0x2ce4/0x76da
[ 100.890467] ? kallsyms_lookup_buildid+0xc8/0x163
[ 100.895173] ? kallsyms_lookup_buildid+0xc8/0x163
[ 100.899874] ? __sprint_symbol+0x80/0x135
[ 100.903883] ? dm_update_plane_state+0x3f9/0x4d2
[ 100.908500] ? symbol_string+0xb7/0xde
[ 100.912250] ? number+0x145/0x29b
[ 100.915566] ? vsnprintf+0x341/0x5ff
[ 100.919141] ? desc_read_finalized_seq+0x39/0x87
[ 100.923755] ? update_load_avg+0x1b9/0x607
[ 100.927849] ? compute_mst_dsc_configs_for_state+0x7d/0xd5b
[ 100.933416] ? fetch_pipe_params+0xa4d/0xd0c
[ 100.937686] ? dc_fpu_end+0x3d/0xa8
[ 100.941175] dml_get_voltage_level+0x16b/0x180
[ 100.945619] dcn30_internal_validate_bw+0x10e/0x89b
[ 100.950495] ? dcn31_validate_bandwidth+0x68/0x1fc
[ 100.955285] ? resource_build_scaling_params+0x98b/0xb8c
[ 100.960595] ? dcn31_validate_bandwidth+0x68/0x1fc
[ 100.965384] dcn31_validate_bandwidth+0x9a/0x1fc
[ 100.970001] dc_validate_global_state+0x238/0x295
[ 100.974703] amdgpu_dm_atomic_check+0x9c1/0xbce
[ 100.979235] ? _printk+0x59/0x73
[ 100.982467] drm_atomic_check_only+0x403/0x78b
[ 100.986912] drm_mode_atomic_ioctl+0x49b/0x546
[ 100.991358] ? drm_ioctl+0x1c1/0x3b3
[ 100.994936] ? drm_atomic_set_property+0x92a/0x92a
[ 100.999725] drm_ioctl_kernel+0xdc/0x149
[ 101.003648] drm_ioctl+0x27f/0x3b3
[ 101.007051] ? drm_atomic_set_property+0x92a/0x92a
[ 101.011842] amdgpu_drm_ioctl+0x49/0x7d
[ 101.015679] __se_sys_ioctl+0x7c/0xb8
[ 101.015685] do_syscall_64+0x5f/0xb8
[ 101.015690] ? __irq_exit_rcu+0x34/0x96

[How]
It calls populate_dml_pipes which uses doubles to initialize. Adding FPU protection avoids context switch and probable loss of vba context as there is potential contention while drm debug logs are enabled.

AI-Powered Analysis

Last updated: 07/01/2025, 01:55:26 UTC

Technical Analysis

CVE-2022-49069 is a vulnerability identified in the Linux kernel, specifically within the Direct Rendering Manager (DRM) subsystem for AMD graphics hardware. The flaw relates to the drm/amd/display driver component, where the function dcn30_internal_validate_bw improperly handles floating point unit (FPU) context during bandwidth validation calculations. The vulnerability manifests as a general protection fault (GPF) triggered by non-canonical memory addresses during prolonged execution of WebGL Aquarium, particularly when DRM debug logs are enabled at a high verbosity level (0x1f). The root cause is the lack of proper FPU protection around the use of floating point operations in the populate_dml_pipes function, which initializes double precision floating point values. Without FPU protection, context switches can lead to loss or corruption of the FPU state (vba context), causing kernel faults and system instability. The issue is reproducible within approximately 10 minutes under the specified conditions. The patch involves adding FPU protection to the affected code path to prevent context switch interference during floating point operations. This vulnerability does not appear to have known exploits in the wild and affects specific Linux kernel versions identified by commit hashes. No CVSS score has been assigned yet.

Potential Impact

For European organizations, this vulnerability primarily threatens the stability and reliability of Linux systems running AMD GPU drivers under workloads involving graphics-intensive applications or WebGL content, especially when DRM debug logging is enabled. The general protection fault can cause kernel panics or system crashes, leading to denial of service (DoS) conditions. While it does not directly expose confidentiality or integrity risks, the availability impact can disrupt critical services, particularly in environments relying on Linux servers or workstations with AMD GPUs for rendering or compute tasks. Organizations in sectors such as media production, scientific computing, or cloud service providers using AMD hardware could experience operational interruptions. The vulnerability's requirement for debug logging to be enabled at a high level reduces the likelihood of widespread exploitation but does not eliminate the risk of accidental or targeted triggering in debug or development environments. Given the Linux kernel's widespread use across European industries and governments, the vulnerability's impact on system uptime and reliability is significant, especially where kernel stability is critical.

Mitigation Recommendations

European organizations should apply the official Linux kernel patches that add FPU protection around the dcn30_internal_validate_bw function as soon as they become available from trusted Linux distribution vendors or the mainline kernel. Until patched, it is advisable to disable or reduce the verbosity of DRM debug logging to avoid triggering the fault. System administrators should monitor kernel logs for signs of general protection faults related to AMD GPU drivers and consider limiting the use of WebGL Aquarium or similar graphics-intensive workloads in affected environments. For environments where AMD GPU usage is critical, testing kernel updates in staging before production deployment is recommended to ensure stability. Additionally, organizations should maintain up-to-date kernel versions and subscribe to Linux kernel security advisories to receive timely updates. Employing kernel live patching solutions where available can reduce downtime during patch application. Finally, auditing and restricting access to debug logging settings can prevent inadvertent enabling of conditions that trigger the fault.
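
The kernel-log monitoring recommended above can be scripted. The following Python code is an added example, not code from the advisory or the kernel project: it scans dmesg-style lines for general protection faults whose RIP or confirmed call-trace frames lie on the bandwidth-validation path named in the description. The function names, the `DML_PATH` set and the second fault in `SAMPLE` are constructed for illustration.

```python
import re

# Symbols on the amdgpu bandwidth-validation path, taken from the trace in this advisory.
DML_PATH = {"dcn30_internal_validate_bw", "dcn31_validate_bandwidth",
            "CalculateSwathWidth", "CalculateSwathAndDETConfiguration"}
STAMP = re.compile(r"\[\s*(\d+\.\d+)\]\s*(.*)$")
FRAME = re.compile(r"^(RIP: [0-9a-f]{4}:|\? )?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def on_dml_path(sym):
    return sym in DML_PATH or sym.startswith("dml")

def find_dml_gpfs(lines):
    """Return GPF oopses whose RIP or confirmed call-trace frames are on the DML path."""
    oopses, cur = [], None
    for raw in lines:
        m = STAMP.search(raw)
        if not m:
            continue
        msg = m.group(2).strip()
        if "general protection fault" in msg:
            cur = {"time": float(m.group(1)), "rip": "", "frames": [], "unconfirmed": []}
            oopses.append(cur)
        elif cur is not None and msg.startswith("---[ end trace"):
            cur = None
        elif cur is not None and (f := FRAME.match(msg)):
            if (f.group(1) or "").startswith("RIP"):
                cur["rip"] = f.group(2)
            else:  # "? " marks an address found on the stack but not confirmed by the unwinder
                cur["unconfirmed" if f.group(1) else "frames"].append(f.group(2))
    return [o for o in oopses if any(on_dml_path(s) for s in [o["rip"], *o["frames"]])]

# Excerpt of the oops quoted in this advisory, then a constructed unrelated fault.
SAMPLE = """\
[ 100.717056] general protection fault, probably for non-canonical address 0x2d33302d32323032: 0000 [#1] PREEMPT SMP NOPTI
[ 100.754419] RIP: 0010:CalculateSwathWidth+0x1f7/0x44f
[ 100.869106] Call Trace:
[ 100.873655] ? asm_sysvec_reschedule_ipi+0x12/0x20
[ 100.878449] CalculateSwathAndDETConfiguration+0x1a3/0x6dd
[ 100.937686] ? dc_fpu_end+0x3d/0xa8
[ 100.941175] dml_get_voltage_level+0x16b/0x180
[ 100.945619] dcn30_internal_validate_bw+0x10e/0x89b
[ 100.965384] dcn31_validate_bandwidth+0x9a/0x1fc
[ 300.000000] general protection fault, probably for non-canonical address 0xdead000000000100: 0000 [#2] SMP
[ 300.000100] RIP: 0010:constructed_unrelated_fn+0x10/0x20
""".splitlines()

if __name__ == "__main__":
    for o in find_dml_gpfs(SAMPLE):
        print(f"t={o['time']:.3f}s rip={o['rip']} frames={o['frames']}")
```

The same function accepts lines with a journald prefix in front of the bracketed timestamp, since the timestamp is searched for rather than anchored at the start of the line.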


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T01:49:39.244Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d982fc4522896dcbe6a68

Added to database: 5/21/2025, 9:09:03 AM

Last enriched: 7/1/2025, 1:55:26 AM

Last updated: 8/18/2025, 2:27:26 PM
