CVE-2022-48990

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

n the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free during gpu recovery [Why] [ 754.862560] refcount_t: underflow; use-after-free. [ 754.862898] Call Trace: [ 754.862903] <TASK> [ 754.862913] amdgpu_job_free_cb+0xc2/0xe1 [amdgpu] [ 754.863543] drm_sched_main.cold+0x34/0x39 [amd_sched] [How] The fw_fence may be not init, check whether dma_fence_init is performed before job free

References

Link	Resource
https://git.kernel.org/stable/c/3cb93f390453cde4d6afda1587aaa00e75e09617	Patch
https://git.kernel.org/stable/c/d2a89cd942edd50c1e652004fd64019be78b0a96	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc6::::::

History

25 Oct 2024, 16:03

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel:6.1:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc5:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.1:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc2::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CWE		CWE-416
First Time		Linux Linux linux Kernel
References	~~() https://git.kernel.org/stable/c/3cb93f390453cde4d6afda1587aaa00e75e09617 -~~	() https://git.kernel.org/stable/c/3cb93f390453cde4d6afda1587aaa00e75e09617 - Patch
References	~~() https://git.kernel.org/stable/c/d2a89cd942edd50c1e652004fd64019be78b0a96 -~~	() https://git.kernel.org/stable/c/d2a89cd942edd50c1e652004fd64019be78b0a96 - Patch

23 Oct 2024, 15:13

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: corregir el use after free durante la recuperación de la GPU [Por qué] [ 754.862560] refcount_t: desbordamiento; use after free. [ 754.862898] Seguimiento de llamadas: [ 754.862903] [ 754.862913] amdgpu_job_free_cb+0xc2/0xe1 [amdgpu] [ 754.863543] drm_sched_main.cold+0x34/0x39 [amd_sched] [Cómo] Es posible que fw_fence no se inicialice, verifique si dma_fence_init se realiza antes de la liberación del trabajo

21 Oct 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-21 20:15

Updated : 2024-10-25 16:03

NVD link : CVE-2022-48990

Mitre link : CVE-2022-48990

CVE.ORG link : CVE-2022-48990

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-416

Use After Free

7.8 /10