CVE-2022-48849
Linux Kernel vulnerability analysis and mitigation

Overview

CVE-2022-48849 affects the Linux kernel's AMD GPU driver (amdgpu). The vulnerability was discovered on July 16, 2024, and involves an issue with tiling flag checks in virtual display cases. The affected versions include Linux kernel versions up to 5.15.29 and from 5.16 up to (excluding) 5.16.15 (NVD).

Technical details

The vulnerability exists in the AMD GPU driver where unnecessary tiling flag checks are performed when initializing framebuffers in virtual display cases. The issue occurs because vkms (Virtual Kernel Mode Setting) leverages common amdgpu framebuffer creation but does not support FB modifier, making the tiling flags check redundant when virtual display is enabled. This can trigger warning messages and potential issues in the kernel (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N (NVD).

Impact

The vulnerability can lead to unnecessary availability issues and warning messages in the kernel when using virtual displays with AMD GPUs. While it doesn't pose a direct security threat, it can affect system stability and performance when using virtual display configurations (RedHat).

Mitigation and workarounds

The issue has been fixed by modifying the tiling flag check logic to bypass the check when virtual display is enabled. The fix involves adding a condition to check adev->enable_virtual_display before performing the tiling flags check. Users should update to kernel version 5.15.29 or 5.16.15 or later to receive the fix (Kernel Patch).
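A host can be triaged against the version ranges above with the following added example, which is not code from the kernel project or the cited sources. It assumes upstream version numbering (distribution kernels may backport the fix), reads 5.15.29 as the first fixed 5.15.x release per the paragraph above, and assumes the amdgpu virtual_display module parameter is exposed under /sys/module; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage a host against the ranges stated on this page.
# Assumption: upstream version numbers; the page gives no lower bound, so none is applied.

# Split a "5.15.28-generic" style string into major, minor and patch integers.
parse_ver() {
    v=${1%%[-+_ ]*}                      # drop local suffix such as -generic
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%%.*}
    case $rest in *.*) patch=${rest#*.}; patch=${patch%%.*} ;; *) patch=0 ;; esac
}

# Succeeds when the version is below 5.15.29 or within 5.16.0 through 5.16.14.
in_affected_range() {
    parse_ver "$1"
    if [ "$major" -lt 5 ]; then return 0; fi
    if [ "$major" -gt 5 ]; then return 1; fi
    if [ "$minor" -lt 15 ]; then return 0; fi
    if [ "$minor" -eq 15 ]; then [ "$patch" -lt 29 ]; return; fi
    if [ "$minor" -eq 16 ]; then [ "$patch" -lt 15 ]; return; fi
    return 1
}

# Succeeds when the amdgpu virtual_display module parameter is set.
# $1: parameter file (assumed default: sysfs path of the loaded module).
virtual_display_enabled() {
    f=${1:-/sys/module/amdgpu/parameters/virtual_display}
    [ -r "$f" ] || return 1
    val=$(cat "$f")
    [ -n "$val" ] && [ "$val" != "(null)" ]   # "(null)" is printed when unset
}

# $1: kernel release string, $2: optional parameter file override.
triage() {
    if ! in_affected_range "$1"; then
        echo "$1: outside the affected upstream ranges"
    elif virtual_display_enabled "$2"; then
        echo "$1: in range and amdgpu virtual display is enabled; update the kernel"
    else
        echo "$1: in range, but amdgpu virtual display is not enabled"
    fi
}

triage "$(uname -r)"
```

On a distribution kernel, confirm the result against the vendor's advisory, since the release string alone does not show backported fixes.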

Source: This report was generated using AI
