CVE-2022-49232 in Linux

Summary

by MITRE • 02/26/2025

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes()

In amdgpu_dm_connector_add_common_modes(), amdgpu_dm_create_common_mode() is assigned to mode and is passed to drm_mode_probed_add() directly after that. drm_mode_probed_add() passes &mode->head to list_add_tail(), and there is a dereference of it in list_add_tail() without recoveries, which could lead to NULL pointer dereference on failure of amdgpu_dm_create_common_mode().

Fix this by adding a NULL check of mode.

This bug was found by a static analyzer.

Builds with 'make allyesconfig' show no new warnings, and our static analyzer no longer warns about this code.


Analysis

by VulDB Data Team • 05/23/2025

CVE-2022-49232 is a critical NULL pointer dereference flaw in the AMD display driver (drm/amd/display) of the Linux kernel. amdgpu_dm_connector_add_common_modes() does not validate the return value of amdgpu_dm_create_common_mode() before passing it to drm_mode_probed_add(). The flaw sits in the mode creation and registration path for AMD graphics hardware, so a failed mode allocation can crash the system, whether triggered deliberately by a malicious actor or inadvertently during normal operation.

The root cause is a missing return-value check in the driver's mode management code. When amdgpu_dm_create_common_mode() returns NULL, because of an allocation failure or another error condition, the calling function passes that pointer to drm_mode_probed_add() without checking it. drm_mode_probed_add() in turn hands &mode->head to list_add_tail(), which writes through the list entry unconditionally and has no NULL safety of its own. With mode NULL, that write hits an invalid address and the kernel reports an oops or panics, which amounts to a denial of service against the affected system.

Operationally, this vulnerability is a significant risk for Linux systems with AMD graphics hardware, particularly servers and embedded systems where stability is paramount. It can be triggered through ordinary display mode enumeration, which is what makes it concerning: no special privileges or complex exploitation techniques are required. The bug was found by static analysis, in line with modern practice of making automated code analysis part of a comprehensive vulnerability detection strategy. It is classified as CWE-476 (NULL Pointer Dereference), one of the most common and dangerous defect classes in kernel-space code, and maps to ATT&CK technique T1499.004 (System Shutdown/Reboot), since the dereference crashes the system and makes it unavailable.

The mitigation for CVE-2022-49232 is a simple but essential NULL check on the mode pointer before it is passed to drm_mode_probed_add(). This addresses the root cause directly: a failure in mode creation is handled before the invalid pointer can be processed. The change is minimal and surgical, which limits the risk of introducing new bugs while fully resolving the flaw. That builds with 'make allyesconfig' show no new warnings indicates the fix adds no regressions or extra complexity to the kernel build, and the static analyzer no longer flags this code path. The case illustrates why proper error handling matters in kernel drivers, especially around memory allocations that can fail under resource pressure: in kernel space, pointer errors and memory corruption can bring down the whole system rather than a single application, so defensive checks of this kind are essential.
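The failure path described in the analysis and the NULL check that fixes it, as an added C model written for this page rather than the kernel's own code: the list helper, probe helper and mode constructor are simplified stand-ins named after the real functions, the fail_mask hook that simulates allocation failure is constructed, and skipping a failed mode is assumed to mirror the upstream fix's NULL check.

```c
#include <stdlib.h>
/* Minimal stand-ins for the kernel's struct list_head and list_add_tail(). */
struct list_head { struct list_head *next, *prev; };
/* Writes entry->next/prev: an &mode->head computed from NULL faults here. */
static void list_add_tail(struct list_head *entry, struct list_head *head) {
    entry->next = head; entry->prev = head->prev;
    head->prev->next = entry; head->prev = entry;
}
struct display_mode { int hdisplay, vdisplay; struct list_head head; };
struct connector { struct list_head probed_modes; };
void connector_init(struct connector *c) { c->probed_modes.next = c->probed_modes.prev = &c->probed_modes; }
/* Stand-in for drm_mode_probed_add(): no NULL check, as in the real helper. */
static void mode_probed_add(struct connector *c, struct display_mode *m) {
    list_add_tail(&m->head, &c->probed_modes);
}
/* Stand-in for amdgpu_dm_create_common_mode(); 'fail' is a constructed hook for allocation failure. */
static struct display_mode *create_common_mode(int w, int h, int fail) {
    struct display_mode *m = fail ? NULL : calloc(1, sizeof *m);
    if (m) { m->hdisplay = w; m->vdisplay = h; }
    return m;
}
static const int common_modes[][2] = {{640, 480}, {800, 600}, {1024, 768}, {1920, 1080}};
#define NUM_COMMON (sizeof common_modes / sizeof common_modes[0])
/* Vulnerable shape: a NULL result goes straight to mode_probed_add(), so any
 * set bit in fail_mask (bit i = mode i fails) faults inside list_add_tail(). */
void add_common_modes_unchecked(struct connector *c, unsigned fail_mask) {
    for (size_t i = 0; i < NUM_COMMON; i++)
        mode_probed_add(c, create_common_mode(common_modes[i][0],
                                              common_modes[i][1], (fail_mask >> i) & 1));
}
/* Fixed shape: a failed creation is skipped (assumed to mirror the upstream
 * fix's NULL check). Returns the number of modes actually added. */
int add_common_modes_checked(struct connector *c, unsigned fail_mask) {
    int added = 0;
    for (size_t i = 0; i < NUM_COMMON; i++) {
        struct display_mode *mode = create_common_mode(common_modes[i][0],
                                        common_modes[i][1], (fail_mask >> i) & 1);
        if (!mode)      /* the check CVE-2022-49232's fix adds */
            continue;
        mode_probed_add(c, mode);
        added++;
    }
    return added;
}
/* Walks the probed list so a caller can confirm it stayed consistent. */
int count_probed_modes(const struct connector *c) {
    int n = 0;
    for (const struct list_head *p = c->probed_modes.next; p != &c->probed_modes; p = p->next) n++;
    return n;
}
```

Calling add_common_modes_unchecked() with any bit of fail_mask set reproduces the crash, so only the checked variant is safe to exercise with simulated failures.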

Responsible: Linux

Reservation: 02/26/2025

Disclosure: 02/26/2025

Moderation: accepted

CPE: ready

EPSS: 0.00247

KEV: no

Activities: very low

Sources
