Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-49137
CVE-2022-49137:
Linux Kernel vulnerability analysis and mitigation
Overview
CVE-2022-49137 is a vulnerability in the Linux kernel affecting the AMD GPU driver (amdgpu). The issue was discovered in the amdgpucsfencetohandleioctl() function where a reference count leak of a dmafence object occurs (Debian Security).
Technical details
The vulnerability occurs in an error path within the amdgpucsfencetohandleioctl() function. When info->in.what falls into the default case, the function returns -EINVAL without decrementing the reference count of a dmafence object that was previously incremented by amdgpucsgetfence(). This results in a reference count leak of the dmafence object (Kernel Git).
Impact
The vulnerability can lead to memory leaks in the Linux kernel when handling AMD GPU operations, potentially affecting system stability and resource management (NVD).
Mitigation and workarounds
The issue has been fixed by adding a dmafenceput(fence) call before returning the error code in the default case of the switch statement. The fix has been implemented in various Linux kernel versions including 5.10.234-1 for Debian bullseye and 6.1.129-1 for Debian bookworm (Debian Security).
Additional resources
Source: This report was generated using AI
Related Linux Kernel vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management