CVE-2022-49864: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49864 is a vulnerability discovered in the Linux kernel, specifically affecting the AMD Kernel Fusion Driver (AMDKFD) component. The vulnerability was published on May 1, 2025, and involves a NULL pointer dereference in the svmmigratetoram() function located in the drivers/gpu/drm/amd/amdkfd/kfdmigrate.c file at lines 985:58-62 (NVD CVE, Wiz Report).

The vulnerability is characterized by a NULL pointer dereference bug in the AMD Kernel Fusion Driver's memory migration functionality. The issue occurs when the variable 'p' is dereferenced while being NULL in the svmmigrateto_ram() function. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD CVE).

The NULL pointer dereference vulnerability can result in system crashes or denial of service conditions, potentially affecting system stability and availability for systems using the AMD Kernel Fusion Driver (Wiz Report).

The vulnerability has been patched in various Linux kernel versions. Debian has addressed this in version 6.1.129-1 for bookworm and 6.1.135-1 for bookworm (security). Ubuntu has released fixes in version 5.15.0-67.74 for 22.04 LTS and 5.15.0-1031.35 for 20.04 LTS (Debian Tracker, Ubuntu Security).