{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-49335","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-02-26T02:08:31.539Z","datePublished":"2025-02-26T02:10:54.763Z","dateUpdated":"2025-10-01T19:46:55.196Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-09-16T08:01:59.183Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/cs: make commands with 0 chunks illegal behaviour.\n\nSubmitting a cs with 0 chunks, causes an oops later, found trying\nto execute the wrong userspace driver.\n\nMESA_LOADER_DRIVER_OVERRIDE=v3d glxinfo\n\n[172536.665184] BUG: kernel NULL pointer dereference, address: 00000000000001d8\n[172536.665188] #PF: supervisor read access in kernel mode\n[172536.665189] #PF: error_code(0x0000) - not-present page\n[172536.665191] PGD 6712a0067 P4D 6712a0067 PUD 5af9ff067 PMD 0\n[172536.665195] Oops: 0000 [#1] SMP NOPTI\n[172536.665197] CPU: 7 PID: 2769838 Comm: glxinfo Tainted: P           O      5.10.81 #1-NixOS\n[172536.665199] Hardware name: To be filled by O.E.M. To be filled by O.E.M./CROSSHAIR V FORMULA-Z, BIOS 2201 03/23/2015\n[172536.665272] RIP: 0010:amdgpu_cs_ioctl+0x96/0x1ce0 [amdgpu]\n[172536.665274] Code: 75 18 00 00 4c 8b b2 88 00 00 00 8b 46 08 48 89 54 24 68 49 89 f7 4c 89 5c 24 60 31 d2 4c 89 74 24 30 85 c0 0f 85 c0 01 00 00 <48> 83 ba d8 01 00 00 00 48 8b b4 24 90 00 00 00 74 16 48 8b 46 10\n[172536.665276] RSP: 0018:ffffb47c0e81bbe0 EFLAGS: 00010246\n[172536.665277] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\n[172536.665278] RDX: 0000000000000000 RSI: ffffb47c0e81be28 RDI: ffffb47c0e81bd68\n[172536.665279] RBP: ffff936524080010 R08: 0000000000000000 R09: ffffb47c0e81be38\n[172536.665281] R10: ffff936524080010 R11: ffff936524080000 R12: ffffb47c0e81bc40\n[172536.665282] R13: ffffb47c0e81be28 R14: ffff9367bc410000 R15: ffffb47c0e81be28\n[172536.665283] FS:  00007fe35e05d740(0000) GS:ffff936c1edc0000(0000) knlGS:0000000000000000\n[172536.665284] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[172536.665286] CR2: 00000000000001d8 CR3: 0000000532e46000 CR4: 00000000000406e0\n[172536.665287] Call Trace:\n[172536.665322]  ? amdgpu_cs_find_mapping+0x110/0x110 [amdgpu]\n[172536.665332]  drm_ioctl_kernel+0xaa/0xf0 [drm]\n[172536.665338]  drm_ioctl+0x201/0x3b0 [drm]\n[172536.665369]  ? amdgpu_cs_find_mapping+0x110/0x110 [amdgpu]\n[172536.665372]  ? selinux_file_ioctl+0x135/0x230\n[172536.665399]  amdgpu_drm_ioctl+0x49/0x80 [amdgpu]\n[172536.665403]  __x64_sys_ioctl+0x83/0xb0\n[172536.665406]  do_syscall_64+0x33/0x40\n[172536.665409]  entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nBug: https://gitlab.freedesktop.org/drm/amd/-/issues/2018"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c"],"versions":[{"version":"d38ceaf99ed015f2a0b9af3499791bd3a3daae21","lessThan":"8189f44270db1be78169e11eec51a3eeb980bc63","status":"affected","versionType":"git"},{"version":"d38ceaf99ed015f2a0b9af3499791bd3a3daae21","lessThan":"aa25acbe96692e4bf8482311c293f72d8c6034c0","status":"affected","versionType":"git"},{"version":"d38ceaf99ed015f2a0b9af3499791bd3a3daae21","lessThan":"15c3bcc9b5349d40207e5f8d4d799b8b4b7d13b8","status":"affected","versionType":"git"},{"version":"d38ceaf99ed015f2a0b9af3499791bd3a3daae21","lessThan":"c12984cdb077b9042d2dc20ca18cb16a87bcc774","status":"affected","versionType":"git"},{"version":"d38ceaf99ed015f2a0b9af3499791bd3a3daae21","lessThan":"be585921f29df5422a39c952d188b418ad48ffab","status":"affected","versionType":"git"},{"version":"d38ceaf99ed015f2a0b9af3499791bd3a3daae21","lessThan":"70276460e914d560e96bfc208695a872fe9469c9","status":"affected","versionType":"git"},{"version":"d38ceaf99ed015f2a0b9af3499791bd3a3daae21","lessThan":"20b947e5a3c74c5084d661c097517a554989d462","status":"affected","versionType":"git"},{"version":"d38ceaf99ed015f2a0b9af3499791bd3a3daae21","lessThan":"7086a23890d255bb5761604e39174b20d06231a4","status":"affected","versionType":"git"},{"version":"d38ceaf99ed015f2a0b9af3499791bd3a3daae21","lessThan":"31ab27b14daaa75541a415c6794d6f3567fea44a","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c"],"versions":[{"version":"4.2","status":"affected"},{"version":"0","lessThan":"4.2","status":"unaffected","versionType":"semver"},{"version":"4.9.318","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.283","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.247","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.198","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.121","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.46","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.17.14","lessThanOrEqual":"5.17.*","status":"unaffected","versionType":"semver"},{"version":"5.18.3","lessThanOrEqual":"5.18.*","status":"unaffected","versionType":"semver"},{"version":"5.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2","versionEndExcluding":"4.9.318"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2","versionEndExcluding":"4.14.283"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2","versionEndExcluding":"4.19.247"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2","versionEndExcluding":"5.4.198"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2","versionEndExcluding":"5.10.121"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2","versionEndExcluding":"5.15.46"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2","versionEndExcluding":"5.17.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2","versionEndExcluding":"5.18.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2","versionEndExcluding":"5.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/8189f44270db1be78169e11eec51a3eeb980bc63"},{"url":"https://git.kernel.org/stable/c/aa25acbe96692e4bf8482311c293f72d8c6034c0"},{"url":"https://git.kernel.org/stable/c/15c3bcc9b5349d40207e5f8d4d799b8b4b7d13b8"},{"url":"https://git.kernel.org/stable/c/c12984cdb077b9042d2dc20ca18cb16a87bcc774"},{"url":"https://git.kernel.org/stable/c/be585921f29df5422a39c952d188b418ad48ffab"},{"url":"https://git.kernel.org/stable/c/70276460e914d560e96bfc208695a872fe9469c9"},{"url":"https://git.kernel.org/stable/c/20b947e5a3c74c5084d661c097517a554989d462"},{"url":"https://git.kernel.org/stable/c/7086a23890d255bb5761604e39174b20d06231a4"},{"url":"https://git.kernel.org/stable/c/31ab27b14daaa75541a415c6794d6f3567fea44a"}],"title":"drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"id":"CVE-2022-49335","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2025-10-01T19:43:07.709316Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-476","description":"CWE-476 NULL Pointer Dereference"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-01T19:46:55.196Z"}}]}}