CVE-2022-50527
BaseFortify
Publication date: 2025-10-07
Last updated on: 2026-03-17
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.1 (inc) to 6.1.5 (inc) |
| linux | kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's amdgpu driver, specifically in the drm/amdgpu component. It involves improper size validation in the function amdgpu_bo_validate_size() when handling non-exclusive memory domains. The issue occurs because the function does not properly check if the TTM domain manager for the requested memory exists, which can lead to a kernel oops (crash) when dereferencing a null pointer. The fix involves adding checks to ensure the manager pointer is not NULL and handling uninitialized GTT domains properly.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to crash (kernel oops) when the amdgpu driver attempts to validate memory sizes without proper checks. This can lead to system instability or denial of service on affected systems using the amdgpu driver.