CVE-2022-48990

[Why] [ 754.862560] refcountt: underflow; use-after-free. [ 754.862898] Call Trace: [ 754.862903] <TASK> [ 754.862913] amdgpujobfreecb+0xc2/0xe1 [amdgpu] [ 754.863543] drmschedmain.cold+0x34/0x39 [amd_sched]

[How] The fwfence may be not init, check whether dmafence_init is performed before job free

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

f6a3f66063ca39e7ee5fcee59e889c5ec4de9dc0

Fixed

d2a89cd942edd50c1e652004fd64019be78b0a96

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

f6a3f66063ca39e7ee5fcee59e889c5ec4de9dc0

Fixed

3cb93f390453cde4d6afda1587aaa00e75e09617

Affected versions

v5.*

v5.19

v5.19-rc7

v5.19-rc8

v6.*

v6.0

v6.0-rc1

v6.0-rc2

v6.0-rc3

v6.0-rc4

v6.0-rc5

v6.0-rc6

v6.0-rc7

v6.0.1

v6.0.10

v6.0.11

v6.0.12

v6.0.2

v6.0.3

v6.0.4

v6.0.5

v6.0.6

v6.0.7

v6.0.8

v6.0.9

v6.1-rc1

v6.1-rc2

v6.1-rc3

v6.1-rc4

v6.1-rc5

v6.1-rc6

Database specific

vanir_signatures

[
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3cb93f390453cde4d6afda1587aaa00e75e09617",
        "target": {
            "file": "drivers/gpu/drm/amd/amdgpu/amdgpu_job.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2022-48990-6d85d8bf",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "81279148629651947790238421550277526960",
                "163983615396678042619695775666555704237",
                "308562224301576103893410683813241898758",
                "328075285265088662740150798409672880847"
            ]
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d2a89cd942edd50c1e652004fd64019be78b0a96",
        "target": {
            "file": "drivers/gpu/drm/amd/amdgpu/amdgpu_job.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2022-48990-8b277bf8",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "81279148629651947790238421550277526960",
                "163983615396678042619695775666555704237",
                "87617569192794592565578578470707979471",
                "50580326373278104082273072462998850866"
            ]
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d2a89cd942edd50c1e652004fd64019be78b0a96",
        "target": {
            "function": "amdgpu_job_free_cb",
            "file": "drivers/gpu/drm/amd/amdgpu/amdgpu_job.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2022-48990-d237816f",
        "signature_type": "Function",
        "digest": {
            "length": 196.0,
            "function_hash": "53600248370532678020792909522901104680"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3cb93f390453cde4d6afda1587aaa00e75e09617",
        "target": {
            "function": "amdgpu_job_free_cb",
            "file": "drivers/gpu/drm/amd/amdgpu/amdgpu_job.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2022-48990-e2920905",
        "signature_type": "Function",
        "digest": {
            "length": 196.0,
            "function_hash": "53600248370532678020792909522901104680"
        }
    }
]

CVE-2022-48990

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Affected versions

v5.*

v6.*

Database specific

vanir_signatures

Linux / Kernel

Package

Affected ranges