CVE-2022-49133: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

drm/amdkfd: svm range restore work deadlock when process exit

kfd_process_notifier_release flush svm_range_restore_work which calls svm_range_list_lock_and_flush_work to flush deferred_list work, but if deferred_list work mmput release the last user, it will call exit_mmap -> notifier_release, it is deadlock with below backtrace.

Move flush svm_range_restore_work to kfd_process_wq_release to avoid deadlock. Then svm_range_restore_work take task->mm ref to avoid mm is gone while validating and mapping ranges to GPU.

Workqueue: events svm_range_deferred_list_work [amdgpu]
Call Trace:
 wait_for_completion+0x94/0x100
 __flush_work+0x12a/0x1e0
 __cancel_work_timer+0x10e/0x190
 cancel_delayed_work_sync+0x13/0x20
 kfd_process_notifier_release+0x98/0x2a0 [amdgpu]
 __mmu_notifier_release+0x74/0x1f0
 exit_mmap+0x170/0x200
 mmput+0x5d/0x130
 svm_range_deferred_list_work+0x104/0x230 [amdgpu]
 process_one_work+0x220/0x3c0
AI Analysis
Technical Summary
CVE-2022-49133 is a vulnerability identified in the Linux kernel specifically within the AMD GPU driver subsystem (amdkfd) related to the management of shared virtual memory (SVM) ranges. The issue arises from a deadlock condition during the process exit sequence when the kernel attempts to flush deferred work related to SVM range restoration. The root cause is a circular dependency between the flushing of svm_range_restore_work and the release of memory management structures (mmput) that triggers exit_mmap and notifier_release callbacks. This deadlock occurs because the flush operation waits for completion of work that itself requires resources being released, causing the system to hang. The fix involves moving the flush operation to a different workqueue context (kfd_process_wq_release) to avoid the deadlock and ensuring that the task's memory descriptor (task->mm) is referenced during validation and mapping of GPU memory ranges to prevent premature release. The vulnerability affects Linux kernel versions containing the specified commit hash 42de677f79999791bee4e21be318c32d90ab62c6. Although no known exploits are reported in the wild, the issue impacts the AMD GPU kernel driver and its handling of SVM, which is critical for GPU-accelerated workloads and heterogeneous computing environments.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems running Linux kernels with AMD GPU drivers in environments where GPU compute workloads are common, such as research institutions, data centers, cloud providers, and enterprises utilizing GPU acceleration for AI, machine learning, or graphics processing. The deadlock can cause system hangs or crashes during process termination, leading to denial of service (DoS) conditions. This can disrupt critical operations, reduce system availability, and potentially cause data loss if processes are terminated unexpectedly. Organizations relying on GPU-accelerated applications may experience degraded performance or outages. While the vulnerability does not directly expose confidential data or allow privilege escalation, the availability impact can be significant in production environments. Additionally, the complexity of the fix and the involvement of kernel memory management imply that improper handling could introduce stability issues if not correctly applied.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions that include the patch for CVE-2022-49133. Since the vulnerability is tied to the AMD GPU driver and kernel memory management, kernel updates from trusted Linux distributions (e.g., Ubuntu, Debian, Red Hat, SUSE) should be applied promptly. System administrators should audit their environments to identify systems running affected kernel versions with AMD GPU hardware. In environments where immediate patching is not feasible, temporarily disabling GPU acceleration or limiting workloads that trigger SVM range restoration may reduce exposure. Monitoring system logs for symptoms of deadlocks or hangs related to amdkfd workqueues can help detect attempts to exploit or trigger the issue. Additionally, thorough testing of kernel updates in staging environments is recommended to ensure stability, especially in heterogeneous computing clusters. Organizations should also maintain robust backup and recovery procedures to mitigate potential data loss from unexpected system hangs.
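One way to do the log monitoring recommended above, as an added example that is not part of the original advisory or of the kernel project: it splits kernel log lines into call traces and flags any trace in which the deferred-list worker itself reaches cancel_delayed_work_sync through mmput, the ordering shown in the backtrace. The function names, the timestamps and the second (benign) trace are constructed for illustration.

```python
import re

# Frames from the backtrace in the CVE description, innermost first.
SIGNATURE = ["cancel_delayed_work_sync", "kfd_process_notifier_release",
             "exit_mmap", "mmput", "svm_range_deferred_list_work"]
FRAME_RE = re.compile(r"(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_traces(lines):
    """Return one list of frame symbols per 'Call Trace:' block."""
    traces, current = [], None
    for line in lines:
        frame = FRAME_RE.search(line)
        if "Call Trace:" in line:
            traces.append(current := [])
        elif current is not None and frame:
            if not frame.group(1):  # skip '?' frames, which are unreliable
                current.append(frame.group(2))
        elif "TASK>" not in line:  # <TASK> markers do not end a trace
            current = None
    return traces

def matches_signature(frames):
    """True if the SIGNATURE symbols occur in frames in order, gaps allowed."""
    remaining = iter(frames)
    return all(symbol in remaining for symbol in SIGNATURE)

def find_self_flush_hangs(lines):
    return [t for t in parse_traces(lines) if matches_signature(t)]

# Constructed sample: trace 1 uses the page's frames, trace 2 is a made-up exit path.
SAMPLE_LOG = """\
[  812.100001] Call Trace:
[  812.100002]  wait_for_completion+0x94/0x100
[  812.100003]  __flush_work+0x12a/0x1e0
[  812.100004]  __cancel_work_timer+0x10e/0x190
[  812.100005]  cancel_delayed_work_sync+0x13/0x20
[  812.100006]  kfd_process_notifier_release+0x98/0x2a0 [amdgpu]
[  812.100007]  __mmu_notifier_release+0x74/0x1f0
[  812.100008]  exit_mmap+0x170/0x200
[  812.100009]  mmput+0x5d/0x130
[  812.100010]  svm_range_deferred_list_work+0x104/0x230 [amdgpu]
[  812.100011]  process_one_work+0x220/0x3c0
[  950.420001] Call Trace:
[  950.420002]  cancel_delayed_work_sync+0x13/0x20
[  950.420003]  kfd_process_notifier_release+0x98/0x2a0 [amdgpu]
[  950.420004]  exit_mmap+0x170/0x200
[  950.420005]  mmput+0x5d/0x130
[  950.420006]  do_exit+0x2f0/0xb70
""".splitlines()
```

Only the first trace is reported: the second passes through the same notifier path but does not start in svm_range_deferred_list_work, so the flush is not waiting on the worker that issued it.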
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-26T01:49:39.267Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982dc4522896dcbe4fce
Added to database: 5/21/2025, 9:09:01 AM
Last enriched: 6/30/2025, 3:12:42 AM
Last updated: 8/17/2025, 6:09:05 AM