CVE-2022-49971

5.5 MEDIUM

📋 TL;DR

This CVE describes a memory leak vulnerability in the AMD GPU driver within the Linux kernel. When the GPU metrics table allocation isn't properly freed during driver cleanup, it causes gradual memory consumption. This affects Linux systems with AMD graphics hardware using the vulnerable driver version.

💻 Affected Systems

Products:
  • Linux kernel with AMD GPU driver (drm/amd/pm)
Versions: Linux kernel versions containing the vulnerable code (specific versions not specified in CVE, but patches available in stable branches)
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires AMD GPU hardware and the vulnerable driver component to be loaded/active.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Sustained exploitation could lead to kernel memory exhaustion, causing system instability, crashes, or denial of service on affected systems.

🟠 Likely Case: Gradual memory consumption over time during GPU driver operations, potentially leading to performance degradation or system instability after extended use.

🟢 If Mitigated: Minimal impact with proper memory management and system monitoring in place.

🌐 Internet-Facing: LOW - This is a local kernel driver vulnerability requiring local access or compromised user account.
🏢 Internal Only: MEDIUM - Could be exploited by malicious local users or malware to degrade system performance or cause instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and ability to trigger GPU driver operations repeatedly to cause memory exhaustion.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in Linux kernel stable releases via commits 4b25bdb54578f3b96ff055e5d27bc1cb82950e51 and 5afb76522a0af0513b6dc01f84128a73206b051b

Vendor Advisory: https://git.kernel.org/stable/c/4b25bdb54578f3b96ff055e5d27bc1cb82950e51

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version.
2. Reboot system.
3. Verify kernel version and that AMD GPU driver loads correctly.

🔧 Temporary Workarounds

Disable AMD GPU driver (Linux)

Prevent loading of the vulnerable driver module if the AMD GPU is not required (run as root; update-initramfs is the Debian/Ubuntu initramfs tool):

echo 'blacklist amdgpu' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot

🧯 If You Can't Patch

  • Monitor system memory usage and restart systems showing abnormal memory consumption
  • Restrict local user access to systems with vulnerable drivers
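
The memory monitoring in the first bullet can be scripted. This is an added example, not part of the advisory or the kernel project: it assumes the leaked kernel allocation is accounted under SUnreclaim in /proc/meminfo, and the function names, sample values and 50 MiB threshold are illustrative.

```shell
#!/bin/sh
# Added example (not from the advisory): flag steady growth in unreclaimable
# kernel memory on a host where the amdgpu module is loaded.
# Assumption: the leaked allocation is accounted under SUnreclaim.

# Succeed if amdgpu appears in a /proc/modules-format file.
amdgpu_loaded() {
    awk '$1 == "amdgpu" { found = 1 } END { exit !found }' "${1:-/proc/modules}"
}

# Print SUnreclaim (kB) from a /proc/meminfo-format file.
sunreclaim_kb() {
    awk '$1 == "SUnreclaim:" { print $2 }' "${1:-/proc/meminfo}"
}

# leak_suspected THRESHOLD_KB SAMPLE_KB...   (samples oldest first)
# Succeeds when there are at least 3 samples, usage never drops back to the
# first sample's level, and net growth over the window exceeds the threshold.
leak_suspected() {
    threshold=$1; shift
    [ "$#" -ge 3 ] || return 1
    first=$1; last=$1; shift
    for cur in "$@"; do
        [ "$cur" -gt "$first" ] || return 1
        last=$cur
    done
    [ $((last - first)) -gt "$threshold" ]
}

# Demo on constructed samples (kB); replace with periodic sunreclaim_kb readings.
if leak_suspected 51200 210000 245000 262000 301000; then
    echo "SUnreclaim grew >50 MiB without returning to baseline: investigate"
fi
```

Feed it readings taken at a fixed interval (for example from cron), and only on hosts where amdgpu_loaded succeeds.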

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether the AMD GPU driver is loaded:

lsmod | grep amdgpu && uname -r

Check Version:

uname -r

Verify Fix Applied:

Verify kernel is updated to patched version and AMD GPU driver functions normally

📡 Detection & Monitoring

Log Indicators:

  • Kernel oom-killer messages
  • System memory exhaustion warnings
  • AMD GPU driver error messages

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("oom" OR "out of memory" OR "amdgpu")
