CVE-2022-48990

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the AMD GPU driver within the Linux kernel. An attacker could potentially exploit this during GPU recovery operations to cause a kernel crash or possibly execute arbitrary code. This affects Linux systems with AMD GPUs using the amdgpu driver.

💻 Affected Systems

Products:
  • Linux kernel with AMD GPU driver (amdgpu)
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions with affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with AMD GPUs using the amdgpu driver. Requires GPU operations to trigger.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash or potential arbitrary code execution with kernel privileges, resulting in complete system compromise.

🟠

Likely Case

System instability, kernel crashes, or denial of service during GPU-intensive operations or recovery scenarios.

🟢

If Mitigated

System remains stable with proper patching; unpatched systems may experience crashes during GPU operations.

🌐 Internet-Facing: LOW - This vulnerability requires local access or ability to trigger GPU operations, making remote exploitation unlikely.
🏢 Internal Only: MEDIUM - Local users or processes with GPU access could potentially trigger this vulnerability, leading to system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering GPU recovery operations, which may require specific conditions or privileged access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 3cb93f390453cde4d6afda1587aaa00e75e09617 or d2a89cd942edd50c1e652004fd64019be78b0a96

Vendor Advisory: https://git.kernel.org/stable/c/3cb93f390453cde4d6afda1587aaa00e75e09617

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable GPU recovery features

linux

Prevent GPU recovery operations that trigger the vulnerability

echo 0 > /sys/module/amdgpu/parameters/gpu_recovery

🧯 If You Can't Patch

  • Restrict GPU access to trusted users only
  • Monitor system logs for GPU recovery events and crashes

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if amdgpu module is loaded: lsmod | grep amdgpu && uname -r

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits or is newer than affected versions

📡 Detection & Monitoring

Log Indicators:

  • Kernel logs showing 'refcount_t: underflow; use-after-free'
  • GPU recovery messages in dmesg
  • System crashes during GPU operations

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="kernel" AND ("refcount_t: underflow" OR "use-after-free" OR "amdgpu_job_free_cb")
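
The log indicators and SIEM query above, applied to kernel log text as an added example (not part of the original advisory or of any vendor tooling). The sample lines are constructed, and the recovery-message pattern and both time windows are assumptions to tune for your kernels. A refcount warning is graded "high" only when an amdgpu_job_free_cb stack frame follows it.

```python
import re

# Indicator strings from the page's "Log Indicators" list and SIEM query.
UAF = "refcount_t: underflow; use-after-free"
FRAME = "amdgpu_job_free_cb"
# Assumption: recovery message wording differs between kernel versions.
RECOVERY = re.compile(r"amdgpu.*GPU (reset|recovery)", re.I)
TS = re.compile(r"^\[\s*(\d+\.\d+)\]")  # dmesg "[ seconds.micros]" prefix

def scan(lines, trace_window=5.0, recovery_window=60.0):
    """Return one finding per refcount warning, graded by amdgpu context."""
    findings, last_recovery, t = [], None, 0.0
    for line in lines:
        m = TS.match(line)
        if m:                       # untimestamped lines inherit the last time
            t = float(m.group(1))
        if RECOVERY.search(line):
            last_recovery = t
        if UAF in line:
            recent = (last_recovery is not None
                      and t - last_recovery <= recovery_window)
            findings.append({"time": t, "severity": "medium",
                             "after_recovery": recent})
        elif FRAME in line and findings:
            # A matching stack frame shortly after the warning ties it to amdgpu.
            if t - findings[-1]["time"] <= trace_window:
                findings[-1]["severity"] = "high"
    return findings

# Constructed sample lines for illustration, not captured from a real system.
SAMPLE = """\
[  812.104233] amdgpu 0000:03:00.0: amdgpu: GPU reset begin!
[  812.590871] refcount_t: underflow; use-after-free.
[  812.590902] WARNING: CPU: 3 PID: 1417 at lib/refcount.c:28 refcount_warn_saturate+0xba/0x110
[  812.591040]  amdgpu_job_free_cb+0x2c/0x50 [amdgpu]
[ 2950.000114] refcount_t: underflow; use-after-free.
[ 2950.000160]  some_other_driver_put+0x18/0x30
""".splitlines()

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Feed it the output of dmesg or journalctl -k split into lines; "medium" findings are refcount underflows with no amdgpu frame nearby and usually point at a different driver.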
