
CVE-2022-49335: Vulnerability in Linux Linux

High
Published: Wed Feb 26 2025 (02/26/2025, 02:10:54 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.

Submitting a cs with 0 chunks causes an oops later, found trying to execute the wrong userspace driver.

MESA_LOADER_DRIVER_OVERRIDE=v3d glxinfo

[172536.665184] BUG: kernel NULL pointer dereference, address: 00000000000001d8
[172536.665188] #PF: supervisor read access in kernel mode
[172536.665189] #PF: error_code(0x0000) - not-present page
[172536.665191] PGD 6712a0067 P4D 6712a0067 PUD 5af9ff067 PMD 0
[172536.665195] Oops: 0000 [#1] SMP NOPTI
[172536.665197] CPU: 7 PID: 2769838 Comm: glxinfo Tainted: P O 5.10.81 #1-NixOS
[172536.665199] Hardware name: To be filled by O.E.M. To be filled by O.E.M./CROSSHAIR V FORMULA-Z, BIOS 2201 03/23/2015
[172536.665272] RIP: 0010:amdgpu_cs_ioctl+0x96/0x1ce0 [amdgpu]
[172536.665274] Code: 75 18 00 00 4c 8b b2 88 00 00 00 8b 46 08 48 89 54 24 68 49 89 f7 4c 89 5c 24 60 31 d2 4c 89 74 24 30 85 c0 0f 85 c0 01 00 00 <48> 83 ba d8 01 00 00 00 48 8b b4 24 90 00 00 00 74 16 48 8b 46 10
[172536.665276] RSP: 0018:ffffb47c0e81bbe0 EFLAGS: 00010246
[172536.665277] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[172536.665278] RDX: 0000000000000000 RSI: ffffb47c0e81be28 RDI: ffffb47c0e81bd68
[172536.665279] RBP: ffff936524080010 R08: 0000000000000000 R09: ffffb47c0e81be38
[172536.665281] R10: ffff936524080010 R11: ffff936524080000 R12: ffffb47c0e81bc40
[172536.665282] R13: ffffb47c0e81be28 R14: ffff9367bc410000 R15: ffffb47c0e81be28
[172536.665283] FS: 00007fe35e05d740(0000) GS:ffff936c1edc0000(0000) knlGS:0000000000000000
[172536.665284] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[172536.665286] CR2: 00000000000001d8 CR3: 0000000532e46000 CR4: 00000000000406e0
[172536.665287] Call Trace:
[172536.665322] ? amdgpu_cs_find_mapping+0x110/0x110 [amdgpu]
[172536.665332] drm_ioctl_kernel+0xaa/0xf0 [drm]
[172536.665338] drm_ioctl+0x201/0x3b0 [drm]
[172536.665369] ? amdgpu_cs_find_mapping+0x110/0x110 [amdgpu]
[172536.665372] ? selinux_file_ioctl+0x135/0x230
[172536.665399] amdgpu_drm_ioctl+0x49/0x80 [amdgpu]
[172536.665403] __x64_sys_ioctl+0x83/0xb0
[172536.665406] do_syscall_64+0x33/0x40
[172536.665409] entry_SYSCALL_64_after_hwframe+0x44/0xa9

Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/2018

AI-Powered Analysis

Last updated: 06/30/2025, 05:57:32 UTC

Technical Analysis

CVE-2022-49335 is a vulnerability in the command submission (cs) interface of the Linux kernel's AMD GPU driver (amdgpu). The flaw is triggered when a command submission with zero chunks is processed. A command submission normally carries one or more chunks of data that the GPU driver uses to execute graphics commands. A submission with zero chunks was not rejected, and processing it leads to a kernel NULL pointer dereference and a subsequent kernel oops (crash). According to the description, the problem was found when glxinfo was run with the wrong userspace driver selected (MESA_LOADER_DRIVER_OVERRIDE=v3d); the result is a supervisor read access fault at the invalid memory address 0x00000000000001d8. The kernel trace places the fault in amdgpu_cs_ioctl, the function that handles ioctl calls for command submissions. The crash results in denial of service.

The vulnerability is rooted in improper validation of the command submission input, which allows a malformed request to cause a memory access violation. Although no known exploits are reported in the wild, the vulnerability is significant because it affects the Linux kernel's graphics subsystem, which is widely used in servers, desktops, and embedded devices. The affected versions are tied to a specific Linux kernel commit hash, indicating the flaw exists in certain kernel builds prior to patching. The bug is tracked in the freedesktop.org AMD GPU driver issue tracker, confirming it is recognized and addressed by the maintainers.

No CVSS score is assigned yet, and no patches are linked in the provided data, but the vulnerability is publicly disclosed and classified as a kernel-level denial of service risk due to a NULL pointer dereference triggered by malformed ioctl calls to the amdgpu driver.

Potential Impact

For European organizations, this vulnerability poses a risk primarily of denial of service on Linux systems using AMD GPUs with the affected kernel versions. Systems running workloads that rely on GPU acceleration or graphical interfaces could experience kernel crashes, leading to service interruptions, potential data loss, or degraded operational capability. This is particularly critical for sectors such as finance, research, media production, and government infrastructure where Linux servers and workstations with AMD GPUs are deployed. The failure to handle malformed command submissions safely could be exploited by local users or malicious software with access to the system to cause instability. While the vulnerability does not appear to allow privilege escalation or remote code execution directly, the resulting kernel crashes could be leveraged in multi-stage attacks or disrupt critical services. European organizations with high reliance on Linux-based infrastructure, especially those using AMD GPU hardware for compute or graphical workloads, may face operational risks until the vulnerability is patched. Additionally, the disruption could impact compliance with availability requirements under regulations such as GDPR and the NIS Directive if critical services are affected.

Mitigation Recommendations

1. Immediate mitigation involves updating the Linux kernel to a version where this vulnerability is patched. Organizations should track Linux kernel releases and apply security updates promptly, especially those including fixes to the amdgpu driver.
2. If immediate patching is not feasible, restrict access to systems with AMD GPUs to trusted users only, minimizing the risk of malicious command submissions.
3. Employ kernel lockdown or mandatory access control mechanisms (e.g., SELinux, AppArmor) to limit the ability of unprivileged users or processes to invoke ioctl calls on the amdgpu device nodes.
4. Monitor system logs for kernel oops or crashes related to amdgpu_cs_ioctl to detect potential exploitation attempts.
5. For critical environments, consider temporarily disabling or blacklisting the amdgpu driver if GPU functionality is not essential, to prevent the vulnerability from being triggered.
6. Engage with Linux distribution security advisories and AMD GPU driver maintainers for official patches and guidance.
7. Conduct thorough testing of kernel updates in staging environments to ensure stability before deployment in production.
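
One way to implement the log monitoring in recommendation 4, as an added example that is not part of the original advisory: it groups kernel log lines into NULL-dereference reports and keeps those whose faulting instruction (RIP) is in amdgpu_cs_ioctl. The function names are hypothetical; the first five sample lines are copied from the oops in the description, the last three are constructed as an unrelated crash.

```python
import re

BUG_RE = re.compile(r"BUG: kernel NULL pointer dereference, address: ([0-9a-f]+)")
# Kernel-mode RIP line: "RIP: 0010:symbol+0xoff/0xlen [module]"
RIP_RE = re.compile(r"RIP: \d+:(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")
COMM_RE = re.compile(r"PID: (\d+) Comm: (\S+)")

def find_oopses(lines):
    """Return one dict per 'BUG: kernel NULL pointer dereference' report."""
    reports, cur = [], None
    for line in lines:
        if (m := BUG_RE.search(line)):
            cur = {"address": int(m.group(1), 16), "symbol": None,
                   "module": None, "pid": None, "comm": None}
            reports.append(cur)
        elif cur is not None:
            # Only the first Comm/RIP line after the BUG line is recorded.
            if (m := COMM_RE.search(line)) and cur["comm"] is None:
                cur["pid"], cur["comm"] = int(m.group(1)), m.group(2)
            elif (m := RIP_RE.search(line)) and cur["symbol"] is None:
                cur["symbol"], cur["module"] = m.group(1), m.group(2)
    return reports

def amdgpu_cs_hits(lines):
    """Keep only reports that faulted inside amdgpu_cs_ioctl in the amdgpu module."""
    return [r for r in find_oopses(lines)
            if r["symbol"] == "amdgpu_cs_ioctl" and r["module"] == "amdgpu"]

SAMPLE = [
    # Copied from the oops quoted in the description.
    "[172536.665184] BUG: kernel NULL pointer dereference, address: 00000000000001d8",
    "[172536.665188] #PF: supervisor read access in kernel mode",
    "[172536.665197] CPU: 7 PID: 2769838 Comm: glxinfo Tainted: P O 5.10.81 #1-NixOS",
    "[172536.665272] RIP: 0010:amdgpu_cs_ioctl+0x96/0x1ce0 [amdgpu]",
    "[172536.665403] __x64_sys_ioctl+0x83/0xb0",
    # Constructed: an unrelated NULL dereference that must not be reported.
    "[200000.000001] BUG: kernel NULL pointer dereference, address: 0000000000000010",
    "[200000.000002] CPU: 1 PID: 4242 Comm: example Not tainted 5.10.81 #1",
    "[200000.000003] RIP: 0010:example_fn+0x12/0x40 [example_mod]",
]

if __name__ == "__main__":
    for hit in amdgpu_cs_hits(SAMPLE):
        print(f"amdgpu_cs_ioctl oops: pid={hit['pid']} comm={hit['comm']} "
              f"addr={hit['address']:#x}")
```

The reported pid and comm identify the process that issued the ioctl, which is the starting point for deciding whether the crash came from a misconfigured client or from something that should not have access to the device node.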


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T02:08:31.539Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d982dc4522896dcbe56df

Added to database: 5/21/2025, 9:09:01 AM

Last enriched: 6/30/2025, 5:57:32 AM

Last updated: 8/16/2025, 5:19:55 PM
