CVE-2022-49335

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.10.81

Description A vulnerability in the Linux kernel has been resolved, specifically in the drm/amdgpu/cs module. The issue occurs when a command with 0 chunks is submitted, causing a kernel NULL pointer dereference. This can lead to an oops later, found when trying to execute the wrong userspace driver. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations For Linux kernel version 5.10.81 and earlier, update to a newer version to mitigate the risk. As a temporary workaround, consider disabling the amdgpu cs ioctl function until a patch is available. Restrict access to the vulnerable module drm to minimize the risk of exploitation. Avoid using the MESA LOADER DRIVER OVERRIDE parameter in the affected API endpoint until the issue is resolved.