CVE-2022-49529 in Linuxinfo

Summary

by MITRE • 02/26/2025

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu/pm: fix the null pointer while the smu is disabled

It needs to check if pp_funcs is initialized while releasing the context; otherwise it will trigger a null pointer panic while the software smu is not enabled.

[ 1109.404555] BUG: kernel NULL pointer dereference, address: 0000000000000078
[ 1109.404609] #PF: supervisor read access in kernel mode
[ 1109.404638] #PF: error_code(0x0000) - not-present page
[ 1109.404657] PGD 0 P4D 0
[ 1109.404672] Oops: 0000 [#1] PREEMPT SMP NOPTI
[ 1109.404701] CPU: 7 PID: 9150 Comm: amdgpu_test Tainted: G OEL 5.16.0-custom #1
[ 1109.404732] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[ 1109.404765] RIP: 0010:amdgpu_dpm_force_performance_level+0x1d/0x170 [amdgpu]
[ 1109.405109] Code: 5d c3 44 8b a3 f0 80 00 00 eb e5 66 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 08 4c 8b b7 f0 7d 00 00 83 7e 78 00 0f 84 f2 00 00 00 80 bf 87 80 00 00 00 48 89 fb 0f
[ 1109.405176] RSP: 0018:ffffaf3083ad7c20 EFLAGS: 00010282
[ 1109.405203] RAX: 0000000000000000 RBX: ffff9796b1c14600 RCX: 0000000002862007
[ 1109.405229] RDX: ffff97968591c8c0 RSI: 0000000000000001 RDI: ffff9796a3700000
[ 1109.405260] RBP: ffffaf3083ad7c50 R08: ffffffff9897de00 R09: ffff979688d9db60
[ 1109.405286] R10: 0000000000000000 R11: ffff979688d9db90 R12: 0000000000000001
[ 1109.405316] R13: ffff9796a3700000 R14: 0000000000000000 R15: ffff9796a3708fc0
[ 1109.405345] FS: 00007ff055cff180(0000) GS:ffff9796bfdc0000(0000) knlGS:0000000000000000
[ 1109.405378] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1109.405400] CR2: 0000000000000078 CR3: 000000000a394000 CR4: 00000000000506e0
[ 1109.405434] Call Trace:
[ 1109.405445]
[ 1109.405456] ? delete_object_full+0x1d/0x20
[ 1109.405480] amdgpu_ctx_set_stable_pstate+0x7c/0xa0 [amdgpu]
[ 1109.405698] amdgpu_ctx_fini.part.0+0xcb/0x100 [amdgpu]
[ 1109.405911] amdgpu_ctx_do_release+0x71/0x80 [amdgpu]
[ 1109.406121] amdgpu_ctx_ioctl+0x52d/0x550 [amdgpu]
[ 1109.406327] ? _raw_spin_unlock+0x1a/0x30
[ 1109.406354] ? drm_gem_handle_delete+0x81/0xb0 [drm]
[ 1109.406400] ? amdgpu_ctx_get_entity+0x2c0/0x2c0 [amdgpu]
[ 1109.406609] drm_ioctl_kernel+0xb6/0x140 [drm]


Analysis

by VulDB Data Team • 03/11/2025

The vulnerability CVE-2022-49529 resides within the Linux kernel's amdgpu driver, specifically addressing a null pointer dereference scenario during power management operations. This flaw manifests when the system attempts to release a graphics context while the software-managed unit (SMU) is disabled, creating a condition where the pp_funcs pointer remains uninitialized. The issue stems from inadequate validation checks before attempting to access function pointers that are essential for proper context cleanup, leading to a kernel panic when the system tries to dereference a null address at offset 0x78. The error occurs in the amdgpu_dpm_force_performance_level function, which is part of the power management subsystem responsible for controlling GPU performance states.

The technical root cause of this vulnerability aligns with CWE-476, which describes NULL pointer dereference conditions in software systems. The flaw demonstrates a classic improper initialization issue where the driver fails to verify that required function tables have been properly established before invoking operations on them. The kernel's memory management system detects this invalid access pattern and generates a kernel NULL pointer dereference panic, indicating that the system has attempted to access memory at address 0x0000000000000078, which is not mapped or accessible. This particular address offset represents a memory location within the function pointer table structure where the pp_funcs pointer should have been initialized but was not, triggering the immediate system crash.

From an operational perspective, this vulnerability presents a significant risk to systems utilizing AMD graphics hardware through the amdgpu driver, particularly in virtualized environments where SMU functionality might be disabled or unavailable. The impact extends beyond simple system instability to potentially compromise system availability and reliability, especially in production environments where graphics context management is frequent. Attackers could potentially exploit this condition to cause a denial of service against systems running affected kernel versions, though the attack surface is limited to scenarios involving specific graphics context operations and disabled SMU configurations. The vulnerability affects systems where the software SMU is not enabled, making it particularly relevant for virtualized deployments and systems where power management features are disabled or restricted.

Mitigation strategies for this vulnerability involve ensuring that all function pointer tables are properly initialized before any operations are performed on them, implementing comprehensive validation checks within the driver's context release routines. The fix requires adding proper null pointer checks before accessing pp_funcs during context cleanup operations, which aligns with defensive programming practices recommended by the ATT&CK framework for kernel-level security. System administrators should prioritize updating to kernel versions that contain the patched code, as the vulnerability is resolved through proper initialization verification within the drm/amdgpu/pm subsystem. Additionally, monitoring for kernel oops messages and system panics related to amdgpu driver operations can help identify systems potentially affected by this vulnerability before exploitation occurs.
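As an added illustration, not the kernel's code or the upstream patch, the following userland C model shows the release path described above: the unchecked call that dereferences a NULL pp_funcs beside a checked form that fails closed. Struct and function names are assumptions, and returning -EOPNOTSUPP is a choice made here, not necessarily what the real fix returns.

```c
#include <errno.h>
#include <stdio.h>
/* Constructed model of the amdgpu power-management dispatch table; the names
 * are assumptions for illustration, not the kernel's real structures. */
struct amd_pm_funcs { int (*force_performance_level)(void *handle, int level); };
struct amdgpu_device {
	void *pp_handle;                      /* backend private data */
	const struct amd_pm_funcs *pp_funcs;  /* NULL while the software SMU is disabled */
};
/* Stand-in backend; the real one would program the hardware here. */
static int smu_force_performance_level(void *h, int l) { (void)h; (void)l; return 0; }

/* "Before": unchecked call; with pp_funcs == NULL this reads a field at a small
 * offset from address 0, the same shape as the oops quoted above. */
int dpm_force_performance_level_unchecked(struct amdgpu_device *adev, int level)
{
	return adev->pp_funcs->force_performance_level(adev->pp_handle, level);
}

/* "After": refuse the request when the backend is absent instead of faulting. */
int dpm_force_performance_level_checked(struct amdgpu_device *adev, int level)
{
	const struct amd_pm_funcs *pp_funcs = adev->pp_funcs;
	if (!pp_funcs || !pp_funcs->force_performance_level)
		return -EOPNOTSUPP;
	return pp_funcs->force_performance_level(adev->pp_handle, level);
}

/* Context teardown: restoring the default level must tolerate a disabled SMU,
 * since release runs for every context whether or not a backend is present. */
int ctx_release(struct amdgpu_device *adev, int ctx_stable_pstate)
{
	if (ctx_stable_pstate == 0)  /* nothing was pinned, nothing to restore */
		return 0;
	return dpm_force_performance_level_checked(adev, 0);
}

/* Run one release with the SMU on or off; returns 0 or a negative errno. */
int release_with_smu(int smu_enabled)
{
	static const struct amd_pm_funcs smu_funcs = { smu_force_performance_level };
	struct amdgpu_device adev = { NULL, smu_enabled ? &smu_funcs : NULL };
	return ctx_release(&adev, 1);
}

int main(void)
{
	printf("smu on: %d, smu off: %d\n", release_with_smu(1), release_with_smu(0));
	return 0;
}
```

Calling the unchecked form with the SMU disabled would crash this program the way the kernel oopsed; the checked form turns the same condition into an error return the caller can log.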

Responsible: Linux
Reservation: 02/26/2025
Disclosure: 02/26/2025
Moderation: accepted
CPE: ready
EPSS: 0.00209
KEV: no
Activities: very low
