CVE-2022-50303
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-50303
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50303.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-50303
- Downstream
- Related
- Published
- 2025-09-15T14:45:58Z
- Modified
- 2025-10-15T02:27:37.565458Z
- Summary
- drm/amdkfd: Fix double release compute pasid
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Fix double release compute pasid
If kfdprocessdeviceinitvm returns failure after vm is converted to compute vm and vm->pasid set to compute pasid, KFD will not take pdd->drm_file reference. As a result, drm close file handler maybe called to release the compute pasid before KFD process destroy worker to release the same pasid and set vm->pasid to zero, this generates below WARNING backtrace and NULL pointer access.
Add helper amdgpuamdkfdgpuvmsetvmpasid and call it at the last step of kfdprocessdeviceinitvm, to ensure vm pasid is the original pasid if acquiring vm failed or is the compute pasid with pdd->drmfile reference taken to avoid double release same pasid.
amdgpu: Failed to create process VM object idafree called for id=32770 which is not allocated. WARNING: CPU: 57 PID: 72542 at ../lib/idr.c:522 idafree+0x96/0x140 RIP: 0010:idafree+0x96/0x140 Call Trace: amdgpupasidfreedelayed+0xe1/0x2a0 [amdgpu] amdgpudriverpostclosekms+0x2d8/0x340 [amdgpu] drmfilefree.part.13+0x216/0x270 [drm] drmclosehelper.isra.14+0x60/0x70 [drm] drmrelease+0x6e/0xf0 [drm] fput+0xcc/0x280 fput+0xe/0x20 taskworkrun+0x96/0xc0 do_exit+0x3d0/0xc10
BUG: kernel NULL pointer dereference, address: 0000000000000000 RIP: 0010:idafree+0x76/0x140 Call Trace: amdgpupasidfreedelayed+0xe1/0x2a0 [amdgpu] amdgpudriverpostclosekms+0x2d8/0x340 [amdgpu] drmfilefree.part.13+0x216/0x270 [drm] drmclosehelper.isra.14+0x60/0x70 [drm] drmrelease+0x6e/0xf0 [drm] fput+0xcc/0x280 fput+0xe/0x20 taskworkrun+0x96/0xc0 do_exit+0x3d0/0xc10
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced4a488a7ad71401169cecee75dc94bcce642e2c53Fixed89f0d766c9e3fdeafbed6f855d433c2768cde862
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced4a488a7ad71401169cecee75dc94bcce642e2c53Fixeda02c07b619899179384fde06f951530438a3512d
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced4a488a7ad71401169cecee75dc94bcce642e2c53Fixed1a799c4c190ea9f0e81028e3eb3037ed0ab17ff5
Affected versions
v3.*
v3.18
v3.18-rc5
v3.18-rc6
v3.18-rc7
v3.19
v3.19-rc1
v3.19-rc2
v3.19-rc3
v3.19-rc4
v3.19-rc5
v3.19-rc6
v3.19-rc7
v4.*
v4.0
v4.0-rc1
v4.0-rc2
v4.0-rc3
v4.0-rc4
v4.0-rc5
v4.0-rc6
v4.0-rc7
v4.1
v4.1-rc1
v4.1-rc2
v4.1-rc3
v4.1-rc4
v4.1-rc5
v4.1-rc6
v4.1-rc7
v4.1-rc8
v4.10
v4.10-rc1
v4.10-rc2
v4.10-rc3
v4.10-rc4
v4.10-rc5
v4.10-rc6
v4.10-rc7
v4.10-rc8
v4.11
v4.11-rc1
v4.11-rc2
v4.11-rc3
v4.11-rc4
v4.11-rc5
v4.11-rc6
v4.11-rc7
v4.11-rc8
v4.12
v4.12-rc1
v4.12-rc2
v4.12-rc3
v4.12-rc4
v4.12-rc5
v4.12-rc6
v4.12-rc7
v4.13
v4.13-rc1
v4.13-rc2
v4.13-rc3
v4.13-rc4
v4.13-rc5
v4.13-rc6
v4.13-rc7
v4.14
v4.14-rc1
v4.14-rc2
v4.14-rc3
v4.14-rc4
v4.14-rc5
v4.14-rc6
v4.14-rc7
v4.14-rc8
v4.15
v4.15-rc1
v4.15-rc2
v4.15-rc3
v4.15-rc4
v4.15-rc5
v4.15-rc6
v4.15-rc7
v4.15-rc8
v4.15-rc9
v4.16
v4.16-rc1
v4.16-rc2
v4.16-rc3
v4.16-rc4
v4.16-rc5
v4.16-rc6
v4.16-rc7
v4.17
v4.17-rc1
v4.17-rc2
v4.17-rc3
v4.17-rc4
v4.17-rc5
v4.17-rc6
v4.17-rc7
v4.18
v4.18-rc1
v4.18-rc2
v4.18-rc3
v4.18-rc4
v4.18-rc5
v4.18-rc6
v4.18-rc7
v4.18-rc8
v4.19
v4.19-rc1
v4.19-rc2
v4.19-rc3
v4.19-rc4
v4.19-rc5
v4.19-rc6
v4.19-rc7
v4.19-rc8
v4.2
v4.2-rc1
v4.2-rc2
v4.2-rc3
v4.2-rc4
v4.2-rc5
v4.2-rc6
v4.2-rc7
v4.2-rc8
v4.20
v4.20-rc1
v4.20-rc2
v4.20-rc3
v4.20-rc4
v4.20-rc5
v4.20-rc6
v4.20-rc7
v4.3
v4.3-rc1
v4.3-rc2
v4.3-rc3
v4.3-rc4
v4.3-rc5
v4.3-rc6
v4.3-rc7
v4.4
v4.4-rc1
v4.4-rc2
v4.4-rc3
v4.4-rc4
v4.4-rc5
v4.4-rc6
v4.4-rc7
v4.4-rc8
v4.5
v4.5-rc1
v4.5-rc2
v4.5-rc3
v4.5-rc4
v4.5-rc5
v4.5-rc6
v4.5-rc7
v4.6
v4.6-rc1
v4.6-rc2
v4.6-rc3
v4.6-rc4
v4.6-rc5
v4.6-rc6
v4.6-rc7
v4.7
v4.7-rc1
v4.7-rc2
v4.7-rc3
v4.7-rc4
v4.7-rc5
v4.7-rc6
v4.7-rc7
v4.8
v4.8-rc1
v4.8-rc2
v4.8-rc3
v4.8-rc4
v4.8-rc5
v4.8-rc6
v4.8-rc7
v4.8-rc8
v4.9
v4.9-rc1
v4.9-rc2
v4.9-rc3
v4.9-rc4
v4.9-rc5
v4.9-rc6
v4.9-rc7
v4.9-rc8
v5.*
v5.0
v5.0-rc1
v5.0-rc2
v5.0-rc3
v5.0-rc4
v5.0-rc5
v5.0-rc6
v5.0-rc7
v5.0-rc8
v5.1
v5.1-rc1
v5.1-rc2
v5.1-rc3
v5.1-rc4
v5.1-rc5
v5.1-rc6
v5.1-rc7
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.2
v5.2-rc1
v5.2-rc2
v5.2-rc3
v5.2-rc4
v5.2-rc5
v5.2-rc6
v5.2-rc7
v5.3
v5.3-rc1
v5.3-rc2
v5.3-rc3
v5.3-rc4
v5.3-rc5
v5.3-rc6
v5.3-rc7
v5.3-rc8
v5.4
v5.4-rc1
v5.4-rc2
v5.4-rc3
v5.4-rc4
v5.4-rc5
v5.4-rc6
v5.4-rc7
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.0.1
v6.0.10
v6.0.11
v6.0.12
v6.0.13
v6.0.14
v6.0.15
v6.0.16
v6.0.17
v6.0.18
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.0.9
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.2
v6.1.3
v6.1.4
Database specific
{
"vanir_signatures": [
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/gpu/drm/amd/amdkfd/kfd_process.c"
},
"id": "CVE-2022-50303-648b896a",
"digest": {
"line_hashes": [
"64329985664839550682231671264602805211",
"254384901505800298682571239709868733298",
"202089849916636535701148163216545131062",
"176433253604082296687967163302568578715",
"289440089760729930121561829760789773018",
"252391471065172346878717740916232209022",
"38973794378122632382151534407302119173",
"227714534662757150208439856541790997009",
"257560424343669480806791839042194348690",
"173004047968172186473062864983552087555",
"36695527628398771808442862538939646592"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@89f0d766c9e3fdeafbed6f855d433c2768cde862"
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h"
},
"id": "CVE-2022-50303-6a5e0d29",
"digest": {
"line_hashes": [
"170282277825431849347502601703653286465",
"123565875286371773129499043469988184575",
"116952217630015462766304457386772096858",
"286526509712424729362914574599823924282",
"296998111021808162130679692281464552152"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1a799c4c190ea9f0e81028e3eb3037ed0ab17ff5"
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h"
},
"id": "CVE-2022-50303-6d6fd0ba",
"digest": {
"line_hashes": [
"170282277825431849347502601703653286465",
"123565875286371773129499043469988184575",
"116952217630015462766304457386772096858",
"286526509712424729362914574599823924282",
"296998111021808162130679692281464552152"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@89f0d766c9e3fdeafbed6f855d433c2768cde862"
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c"
},
"id": "CVE-2022-50303-724ed85f",
"digest": {
"line_hashes": [
"189419980777962651772886409433258889604",
"143763481985967216027924956454513533645",
"145593323282999541895534718011968969199",
"242273729838551754616818676949111104303",
"129292070147208692447485444209487886080",
"202789193881325097137347160242772759876",
"184341461742788755147036749193568506105",
"32070015188263455389378034631685383901",
"126253164070811125592762807985845698789",
"170709082789167097787753740014880735566",
"124911123527378891649879149783712997867",
"194324523451175754948154169515855785037",
"181534153484494348133726111821858247169",
"61516777659526015055012450362212361567",
"194008855733931707446715630707164489565",
"136237901956229543093412868910368731076",
"250612695414251975896300550937217625113",
"43051216624172849268245938905834078057",
"150491746832462782936578202701576188423",
"228791177854770512680921929042685925586",
"140767898993971950102834052940050021711"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@89f0d766c9e3fdeafbed6f855d433c2768cde862"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c",
"function": "amdgpu_amdkfd_gpuvm_acquire_process_vm"
},
"id": "CVE-2022-50303-78ee1efb",
"digest": {
"length": 559.0,
"function_hash": "201263925028533981245970585190318552799"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@89f0d766c9e3fdeafbed6f855d433c2768cde862"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "drivers/gpu/drm/amd/amdkfd/kfd_process.c",
"function": "kfd_process_device_init_vm"
},
"id": "CVE-2022-50303-7c28b7af",
"digest": {
"length": 732.0,
"function_hash": "8994493008839285885299319958344913401"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@89f0d766c9e3fdeafbed6f855d433c2768cde862"
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c"
},
"id": "CVE-2022-50303-7ce7850b",
"digest": {
"line_hashes": [
"189419980777962651772886409433258889604",
"143763481985967216027924956454513533645",
"145593323282999541895534718011968969199",
"242273729838551754616818676949111104303",
"129292070147208692447485444209487886080",
"202789193881325097137347160242772759876",
"184341461742788755147036749193568506105",
"32070015188263455389378034631685383901",
"126253164070811125592762807985845698789",
"170709082789167097787753740014880735566",
"124911123527378891649879149783712997867",
"194324523451175754948154169515855785037",
"181534153484494348133726111821858247169",
"61516777659526015055012450362212361567",
"194008855733931707446715630707164489565",
"136237901956229543093412868910368731076",
"250612695414251975896300550937217625113",
"43051216624172849268245938905834078057",
"150491746832462782936578202701576188423",
"228791177854770512680921929042685925586",
"140767898993971950102834052940050021711"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1a799c4c190ea9f0e81028e3eb3037ed0ab17ff5"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c",
"function": "amdgpu_amdkfd_gpuvm_acquire_process_vm"
},
"id": "CVE-2022-50303-c4f57752",
"digest": {
"length": 559.0,
"function_hash": "201263925028533981245970585190318552799"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1a799c4c190ea9f0e81028e3eb3037ed0ab17ff5"
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/gpu/drm/amd/amdkfd/kfd_process.c"
},
"id": "CVE-2022-50303-cb1ec2ee",
"digest": {
"line_hashes": [
"64329985664839550682231671264602805211",
"254384901505800298682571239709868733298",
"202089849916636535701148163216545131062",
"176433253604082296687967163302568578715",
"289440089760729930121561829760789773018",
"252391471065172346878717740916232209022",
"38973794378122632382151534407302119173",
"227714534662757150208439856541790997009",
"257560424343669480806791839042194348690",
"173004047968172186473062864983552087555",
"36695527628398771808442862538939646592"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1a799c4c190ea9f0e81028e3eb3037ed0ab17ff5"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "drivers/gpu/drm/amd/amdkfd/kfd_process.c",
"function": "kfd_process_device_init_vm"
},
"id": "CVE-2022-50303-d79e9176",
"digest": {
"length": 732.0,
"function_hash": "8994493008839285885299319958344913401"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1a799c4c190ea9f0e81028e3eb3037ed0ab17ff5"
}
]
}