CVE-2022-49365

5.5 MEDIUM

📋 TL;DR

This is an off-by-one buffer overflow vulnerability in the AMD GPU driver for Linux kernels. It allows local attackers to potentially crash the system or execute arbitrary code with kernel privileges. Systems using AMD graphics cards with affected Linux kernel versions are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel with AMD GPU driver (amdgpu)
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions with affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires AMD GPU hardware and the amdgpu driver to be loaded and active.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation to kernel-level code execution, allowing complete system compromise.

🟠 Likely Case

Kernel panic leading to system crash and denial of service.

🟢 If Mitigated

System crash requiring reboot, but no privilege escalation due to additional security controls.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring access to the system.
🏢 Internal Only: MEDIUM - Local users or compromised accounts could exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of kernel exploitation techniques. The vulnerability is in a specific interrupt handler function.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits 607c5cd1a08e, a35faec3db0e, b0808b7a0415, or ec9ec3bc08b1

Vendor Advisory: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=607c5cd1a08e196d9f2bd3b25a8083ed27ad7ceb

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable AMD GPU driver (Linux)

Temporarily disable the vulnerable amdgpu kernel module:

sudo modprobe -r amdgpu
echo 'blacklist amdgpu' | sudo tee /etc/modprobe.d/blacklist-amdgpu.conf

🧯 If You Can't Patch

  • Restrict local user access to systems with AMD GPUs
  • Implement strict privilege separation and limit sudo/root access

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if amdgpu module is loaded: uname -r && lsmod | grep amdgpu

Check Version:

uname -r

Verify Fix Applied:

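Verify the running kernel version is updated: uname -r

Commit IDs are not recorded in /proc/config.gz (it holds only the kernel build configuration), so a grep for 607c5cd1a08e, a35faec3db0e, b0808b7a0415 or ec9ec3bc08b1 there cannot match. Confirm that the kernel contains one of these fix commits from the distribution kernel changelog.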

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages in /var/log/kern.log or dmesg
  • System crashes or reboots

Network Indicators:

  • None - local vulnerability only

SIEM Query:

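source="kernel" AND ("Oops" OR "general protection fault" OR "kernel panic") AND "dm_dmub_outbox1_low_irq"

dm_dmub_outbox1_low_irq is the interrupt handler function, so it appears in the RIP or call-trace text of a fault report rather than as a process name.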
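A local equivalent of the log check above, as an added shell example (not part of the original advisory or of the kernel project): it counts fault reports whose trace names dm_dmub_outbox1_low_irq and ignores mentions of the name outside a report. The sample log lines, the function names count_outbox_faults and sample_log, and example_other_driver_fn are constructed for illustration.

```shell
#!/bin/sh
# Added example: count kernel fault reports whose trace names the amdgpu
# handler dm_dmub_outbox1_low_irq. Reads dmesg/kern.log text on stdin.
count_outbox_faults() {
    awk '
        # A fault report opens at an Oops, GPF, BUG or panic header line.
        /Oops|general protection fault|[Kk]ernel panic|BUG:/ {
            if (!in_report) { in_report = 1; hit = 0 }
        }
        # Inside a report, the handler shows up in RIP or call-trace lines.
        in_report && /dm_dmub_outbox1_low_irq/ {
            if (!hit) { hit = 1; n++ }   # count each report once
        }
        # The end-trace marker closes the report.
        /---\[ end trace/ { in_report = 0 }
        END { print n + 0 }
    '
}

# Constructed sample log (not captured from a real system).
sample_log() {
    cat <<'EOF'
[  101.000001] general protection fault, probably for non-canonical address 0xdead000000000100: 0000 [#1] SMP NOPTI
[  101.000002] CPU: 3 PID: 0 Comm: swapper/3 Not tainted 5.15.0-example #1
[  101.000003] RIP: 0010:dm_dmub_outbox1_low_irq+0x1a4/0x2c0 [amdgpu]
[  101.000004] Call Trace:
[  101.000005]  <IRQ>
[  101.000006] ---[ end trace 0000000000000000 ]---
[  250.000001] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  250.000002] Oops: 0000 [#2] SMP NOPTI
[  250.000003] RIP: 0010:example_other_driver_fn+0x20/0x80 [example]
[  250.000004] ---[ end trace 0000000000000000 ]---
[  300.000001] example: dm_dmub_outbox1_low_irq mentioned outside any fault report
EOF
}

# Prints the number of matching reports in the constructed sample.
sample_log | count_outbox_faults
```

On a live host, pipe dmesg output or the contents of /var/log/kern.log into count_outbox_faults; a non-zero count means a fault report implicated the handler and the host should be checked against the fix commits.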
