CVE-2022-48849 in Linux
Summary
by MITRE • 07/16/2024
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: bypass tiling flag check in virtual display case (v2)
vkms leverages common amdgpu framebuffer creation, and as it also does not support FB modifiers, there is no need to check tiling flags when initializing the framebuffer when virtual display is enabled.
This can fix the calltrace below:
amdgpu 0000:00:08.0: GFX9+ requires FB check based on format modifier
WARNING: CPU: 0 PID: 1023 at drivers/gpu/drm/amd/amdgpu/amdgpu_display.c:1150 amdgpu_display_framebuffer_init+0x8e7/0xb40 [amdgpu]
v2: check adev->enable_virtual_display instead as vkms can be enabled in bare metal as well.
Analysis
by VulDB Data Team • 07/23/2024
The vulnerability CVE-2022-48849 affects the amdgpu driver in the Linux kernel, specifically the framebuffer initialization path of its display subsystem. The flaw manifests when virtual display functionality is enabled: the driver applies its tiling-flag validation to framebuffers that do not need it. This matters for vkms (virtual kernel mode setting), which reuses the common amdgpu framebuffer creation code but does not support framebuffer modifiers, so the tiling-flag validation serves no purpose in the virtual display case.
The issue stems from the driver's requirement to perform framebuffer format modifier checks on GFX9+ hardware, which mandates validation based on tiling parameters. When virtual displays are enabled, the driver still initializes framebuffers with this tiling-flag validation, although the virtual nature of the display means it should be bypassed. The original implementation enforced the checks even with virtual display mode active, leading to kernel warnings and potential system instability. The calltrace shows the failure in amdgpu_display_framebuffer_init in amdgpu_display.c at line 1150, where the driver validates framebuffer requirements based on format modifiers.
The operational impact goes beyond a kernel warning: it can affect system stability and display functionality on systems using AMD graphics hardware with virtual display capabilities. With the virtual display flag set, the driver should recognize that framebuffer tiling checks are not required, but the original code path did not distinguish between physical and virtual display contexts. The resulting validation failures can cascade into broader display subsystem problems, particularly where vkms is used for virtualized graphics environments or on bare metal. Affected systems are those running Linux kernels with amdgpu support, particularly with GFX9+ AMD graphics processors, where the framebuffer format modifier requirements are enforced.
The fix, in version two of the patch, checks the adev->enable_virtual_display flag instead of the previous validation approach. With this change, the driver bypasses the tiling-flag validation whenever virtual display is active, so the kernel warning and the potential initialization failures no longer occur. The solution applies context-aware validation: driver behavior adapts to whether it operates in physical or virtual display mode. Validating only when necessary reduces attack surface while preserving functionality. The fix addresses the CWE-252 weakness category (Unchecked Return Values), in that the driver should handle the validation flow according to display context rather than applying blanket checks. From an ATT&CK perspective, VulDB rates the vulnerability as potentially usable in privilege escalation scenarios, where an attacker might exploit the kernel warning conditions to cause system instability or attempt to gain elevated privileges through kernel memory corruption. The mitigation is conditional logic that respects virtualization boundaries within the graphics subsystem.
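As an added illustration (not kernel code and not part of the VulDB entry), the C model below shows the gate that the v2 fix changes: with adev->enable_virtual_display set, the legacy tiling check and its GFX9+ warning are skipped, while non-virtual devices without modifiers are still checked. The tiling_flags layout, the family threshold and the body of the tiling check are assumptions modeled on the driver.

```c
/* Added example, not kernel code: a model of the gate that
 * amdgpu_display_framebuffer_init() wraps around its legacy tiling check,
 * before and after the CVE-2022-48849 fix. Names, bit layout and the family
 * threshold are assumptions for illustration. */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>

#define FAMILY_AI 141 /* assumed: first GFX9 family id */
/* Assumed legacy tiling_flags layout: swizzle mode in bits 0..4, micro tile
 * mode in bits 22..24 (modeled on amdgpu's AMDGPU_TILING_* fields). */
#define SWIZZLE_MODE(f)    ((f) & 0x1f)
#define MICRO_TILE_MODE(f) (((f) >> 22) & 0x7)

struct model_adev {
	unsigned int family;
	bool enable_virtual_display; /* the flag the v2 fix tests */
	bool allow_fb_modifiers;     /* dev->mode_config.allow_fb_modifiers */
};

/* Model of check_tiling_flags_gfx6(): linear is fine; otherwise only the
 * DISPLAY (0) and RENDER (3) micro tile modes may be scanned out. */
static int check_tiling_flags_gfx6(uint64_t tiling_flags)
{
	if (SWIZZLE_MODE(tiling_flags) == 0)
		return 0;
	switch (MICRO_TILE_MODE(tiling_flags)) {
	case 0:
	case 3:
		return 0;
	default:
		return -EINVAL;
	}
}

/* Pre-patch: the legacy check runs whenever modifiers are off. v2 fix:
 * it is additionally skipped when virtual display is enabled (vkms case). */
static bool legacy_check_runs(const struct model_adev *adev, bool fixed)
{
	return !adev->allow_fb_modifiers && !(fixed && adev->enable_virtual_display);
}

/* True when the "GFX9+ requires FB check based on format modifier" WARN fires. */
bool gate_warns(const struct model_adev *adev, bool fixed)
{
	return legacy_check_runs(adev, fixed) && adev->family >= FAMILY_AI;
}

/* Tiling gate result of framebuffer init: 0 or -EINVAL. */
int fb_init_tiling_gate(const struct model_adev *adev, uint64_t flags, bool fixed)
{
	return legacy_check_runs(adev, fixed) ? check_tiling_flags_gfx6(flags) : 0;
}
```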