CVE-2022-48990

HIGH

Linux Kernel < 6.0.13 - Use-After-Free in AMDGPU GPU Recovery

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free during gpu recovery [Why] [ 754.862560] refcount_t: underflow; use-after-free. [ 754.862898] Call Trace: [ 754.862903] <TASK> [ 754.862913] amdgpu_job_free_cb+0xc2/0xe1 [amdgpu] [ 754.863543] drm_sched_main.cold+0x34/0x39 [amd_sched] [How] The fw_fence may be not init, check whether dma_fence_init is performed before job free

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/d2a89cd942edd50c1e652004fd64019be78b0a96

Patch

https://git.kernel.org/stable/c/3cb93f390453cde4d6afda1587aaa00e75e09617

Scores

CVSS v3 7.8

EPSS 0.0023

EPSS Percentile 14.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-416

Status published

Products (9)

linux/Kernel 6.0.0 - 6.0.13linux

Linux/Linux < 6.0

Linux/Linux 6.0

Linux/Linux 6.0.13 - 6.0.*

Linux/Linux 6.1

Linux/Linux f6a3f66063ca39e7ee5fcee59e889c5ec4de9dc0 - 3cb93f390453cde4d6afda1587aaa00e75e09617

Linux/Linux f6a3f66063ca39e7ee5fcee59e889c5ec4de9dc0 - d2a89cd942edd50c1e652004fd64019be78b0a96

linux/linux_kernel 6.1 rc1 (6 CPE variants)

linux/linux_kernel < 6.0.13

Published Oct 21, 2024

Tracked Since Feb 18, 2026