CVE-2022-49203: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a double free vulnerability was discovered in the AMD display driver (drm/amd/display) during GPU reset operations on DC streams. The vulnerability was assigned CVE-2022-49203 and was resolved in February 2025. The issue specifically affects the GPU reset code path in the AMD display driver (Kernel Git).

The vulnerability occurs during the GPU reset process where the driver first backs up the current state before committing 0 streams internally from DM to DC. The backup state contains valid link encoder assignments. When DC clears the link encoder assignments as part of the current state, it frees the extra stream reference it holds. However, since the backup still has valid assignments, calling the interface post reset to clear them results in releasing the same reference again, leading to a double free condition and potentially a NULL pointer dereference (Kernel Git).

The double free vulnerability could potentially lead to memory corruption and system instability. In the specific case reported, it results in a NULL pointer dereference, which could cause system crashes or denial of service conditions (Kernel Git).

The issue has been fixed by modifying how link encoder assignments are handled during GPU reset. Instead of retaining the backed-up assignments, the fix implements copying from the current state's clean assignments after the reset occurs, using a new linkenccfg_copy() interface. This approach is valid since a full DC commit is required after GPU reset due to the stream count being set to 0 (Kernel Git).