PT-2022-5913 · Linux+8 · Linux Kernel+8

Jiasheng Jiang

·

Published

2022-01-05

·

Updated

2026-03-14

·

CVE-2022-3108

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 5.16-rc6
Description An issue was discovered in the Linux kernel where the function kfd parse subtype iolink in the module drivers/gpu/drm/amd/amdkfd/kfd crat.c lacks a check of the return value of the function kmemdup(). This issue can be exploited to cause a denial of service or potentially elevate privileges.
Recommendations For Linux kernel versions through 5.16-rc6, as a temporary workaround, consider disabling the kfd parse subtype iolink function until a patch is available. Restrict access to the vulnerable module drivers/gpu/drm/amd/amdkfd/kfd crat.c to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Unchecked Return Value

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-252

Related Identifiers

ALT-PU-2022-1093
ALT-PU-2022-1175
ALT-PU-2022-1647
ALT-PU-2022-2155
ALT-PU-2023-1684
ALT-PU-2023-1741
ALT-PU-2023-1814
ALT-PU-2023-4894
AZL-11609
BDU:2022-07329
CESA-2022_1975
CESA-2022_1988
CVE-2022-3108
OESA-2022-2161
OESA-2022-2162
OESA-2023-1034
OESA-2023-1036
OPENSUSE-SU-2023_0146-1
OPENSUSE-SU-2023_0147-1
OPENSUSE-SU-2023_0149-1
OPENSUSE-SU-2023_0152-1
OPENSUSE-SU-2023_0410-1
RHSA-2022:1975
RHSA-2022:1988
RHSA-2022:7933
RHSA-2022:8267
RHSA-2022_1975
RHSA-2022_1988
RHSA-2022_7933
RHSA-2022_8267
SUSE-SU-2023:0134-1
SUSE-SU-2023:0145-1
SUSE-SU-2023:0146-1
SUSE-SU-2023:0147-1
SUSE-SU-2023:0148-1
SUSE-SU-2023:0149-1
SUSE-SU-2023:0152-1
SUSE-SU-2023:0406-1
SUSE-SU-2023:0410-1
SUSE-SU-2023:0618-1
USN-6027-1
USN-6093-1
USN-6222-1
USN-6256-1

Affected Products

Alt Linux
Astra Linux
Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu