CVE-2022-49335

Source
https://cve.org/CVERecord?id=CVE-2022-49335
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49335.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49335
Downstream
Related
Published
2025-02-26T02:10:54.763Z
Modified
2026-04-11T12:43:53.746Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.

Submitting a cs with 0 chunks causes an oops later; found trying to execute the wrong userspace driver.

MESA_LOADER_DRIVER_OVERRIDE=v3d glxinfo

[172536.665184] BUG: kernel NULL pointer dereference, address: 00000000000001d8
[172536.665188] #PF: supervisor read access in kernel mode
[172536.665189] #PF: error_code(0x0000) - not-present page
[172536.665191] PGD 6712a0067 P4D 6712a0067 PUD 5af9ff067 PMD 0
[172536.665195] Oops: 0000 [#1] SMP NOPTI
[172536.665197] CPU: 7 PID: 2769838 Comm: glxinfo Tainted: P O 5.10.81 #1-NixOS
[172536.665199] Hardware name: To be filled by O.E.M. To be filled by O.E.M./CROSSHAIR V FORMULA-Z, BIOS 2201 03/23/2015
[172536.665272] RIP: 0010:amdgpu_cs_ioctl+0x96/0x1ce0 [amdgpu]
[172536.665274] Code: 75 18 00 00 4c 8b b2 88 00 00 00 8b 46 08 48 89 54 24 68 49 89 f7 4c 89 5c 24 60 31 d2 4c 89 74 24 30 85 c0 0f 85 c0 01 00 00 <48> 83 ba d8 01 00 00 00 48 8b b4 24 90 00 00 00 74 16 48 8b 46 10
[172536.665276] RSP: 0018:ffffb47c0e81bbe0 EFLAGS: 00010246
[172536.665277] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[172536.665278] RDX: 0000000000000000 RSI: ffffb47c0e81be28 RDI: ffffb47c0e81bd68
[172536.665279] RBP: ffff936524080010 R08: 0000000000000000 R09: ffffb47c0e81be38
[172536.665281] R10: ffff936524080010 R11: ffff936524080000 R12: ffffb47c0e81bc40
[172536.665282] R13: ffffb47c0e81be28 R14: ffff9367bc410000 R15: ffffb47c0e81be28
[172536.665283] FS: 00007fe35e05d740(0000) GS:ffff936c1edc0000(0000) knlGS:0000000000000000
[172536.665284] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[172536.665286] CR2: 00000000000001d8 CR3: 0000000532e46000 CR4: 00000000000406e0
[172536.665287] Call Trace:
[172536.665322] ? amdgpu_cs_find_mapping+0x110/0x110 [amdgpu]
[172536.665332] drm_ioctl_kernel+0xaa/0xf0 [drm]
[172536.665338] drm_ioctl+0x201/0x3b0 [drm]
[172536.665369] ? amdgpu_cs_find_mapping+0x110/0x110 [amdgpu]
[172536.665372] ? selinux_file_ioctl+0x135/0x230
[172536.665399] amdgpu_drm_ioctl+0x49/0x80 [amdgpu]
[172536.665403] __x64_sys_ioctl+0x83/0xb0
[172536.665406] do_syscall_64+0x33/0x40
[172536.665409] entry_SYSCALL_64_after_hwframe+0x44/0xa9

Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/2018

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49335.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d38ceaf99ed015f2a0b9af3499791bd3a3daae21
Fixed
8189f44270db1be78169e11eec51a3eeb980bc63
Fixed
aa25acbe96692e4bf8482311c293f72d8c6034c0
Fixed
15c3bcc9b5349d40207e5f8d4d799b8b4b7d13b8
Fixed
c12984cdb077b9042d2dc20ca18cb16a87bcc774
Fixed
be585921f29df5422a39c952d188b418ad48ffab
Fixed
70276460e914d560e96bfc208695a872fe9469c9
Fixed
20b947e5a3c74c5084d661c097517a554989d462
Fixed
7086a23890d255bb5761604e39174b20d06231a4
Fixed
31ab27b14daaa75541a415c6794d6f3567fea44a

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49335.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.2.0
Fixed
4.9.318
Type
ECOSYSTEM
Events
Introduced
4.10.0
Fixed
4.14.283
Type
ECOSYSTEM
Events
Introduced
4.15.0
Fixed
4.19.247
Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.4.198
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.121
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.46
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.17.14
Type
ECOSYSTEM
Events
Introduced
5.18.0
Fixed
5.18.3

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49335.json"