CVE-2022-49843 in Linuxinfo

Summary

by MITRE • 05/01/2025

In the Linux kernel, the following vulnerability has been resolved:

drm/amdkfd: Migrate in CPU page fault use current mm

migrate_vma_setup shows below warning because we don't hold another process mm mmap_lock. We should use current vmf->vma->vm_mm instead, the caller already hold current mmap lock inside CPU page fault handler.

WARNING: CPU: 10 PID: 3054 at include/linux/mmap_lock.h:155 find_vma Call Trace: walk_page_range+0x76/0x150 migrate_vma_setup+0x18a/0x640 svm_migrate_vram_to_ram+0x245/0xa10 [amdgpu]
svm_migrate_to_ram+0x36f/0x470 [amdgpu]
do_swap_page+0xcfe/0xec0 __handle_mm_fault+0x96b/0x15e0 handle_mm_fault+0x13f/0x3e0 do_user_addr_fault+0x1e7/0x690

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 03/14/2026

The vulnerability CVE-2022-49843 resides within the Linux kernel's graphics driver subsystem, specifically affecting the AMD Kernel Fusion Driver (amdkfd) component that manages GPU memory operations. This issue manifests during CPU page fault handling when the kernel attempts to migrate virtual memory areas from video RAM to system RAM. The flaw occurs in the migrate_vma_setup function which is part of the memory management infrastructure responsible for handling virtual memory area migrations. The warning message indicates a critical locking mechanism failure that could lead to system instability or potential privilege escalation.

The technical root cause stems from improper memory management locking during page fault processing. The migrate_vma_setup function attempts to access virtual memory area information without properly holding the target process's memory management lock, which is required for safe access to memory mappings. This violates fundamental kernel locking principles and creates a race condition scenario where concurrent access to memory management structures could result in corrupted data or memory corruption. The function incorrectly assumes it can access vmf->vma->vm_mm without proper lock acquisition, when in fact the caller already holds the current process's mmap_lock within the CPU page fault handler context.

This vulnerability presents significant operational impact within systems utilizing AMD graphics hardware, particularly those running memory-intensive applications or virtualization environments. The improper locking mechanism could allow malicious processes to exploit the race condition to gain unauthorized access to memory regions or potentially escalate privileges. The warning originates from the kernel's memory management subsystem and indicates that the system may be entering an inconsistent state during memory migration operations, which could lead to system crashes, data corruption, or denial of service conditions. The vulnerability affects the drm/amdkfd subsystem which is critical for GPU memory management in AMD graphics implementations.

Mitigation strategies should focus on applying the kernel patch that correctly implements the memory management locking by using current vmf->vma->vm_mm instead of attempting to access another process's memory management structure without proper locking. System administrators should prioritize updating to kernel versions containing the fix, particularly those with the specific commit addressing the mmap_lock usage. The fix aligns with CWE-362, which addresses concurrent execution using lock objects, and follows ATT&CK technique T1068, which involves exploiting local privileges through improper locking mechanisms. Organizations should also implement monitoring for kernel warnings related to memory management operations and ensure proper kernel version management across all systems utilizing AMD graphics hardware. The vulnerability demonstrates the critical importance of proper locking mechanisms in kernel space operations where concurrent access to shared resources could lead to severe security implications.

Responsible

Linux

Reservation

05/01/2025

Disclosure

05/01/2025

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!