CVE-2022-50617

Vulnerability

Analysis

CVE-2022-50617 describes a memory leak in the Linux kernel's AMDGPU DRM driver, specifically within the powerplay state management (psm) subsystem. The root cause is a missing cleanup in the power state initialization function. When the function fails to retrieve an early return due to a failure to retrieve an entry from the powerplay table, it fails to free the memory that was previously allocated for the current power state. This was introduced by commit 902bc65de0b3, which added the early return but omitted the corresponding kfree() call [1][2].

Exploitation

This vulnerability is triggered during the initialization of the GPU power state, which occurs when the amdgpu driver loads. An attacker would need to have local access to the system and the ability to trigger driver initialization, for example by hotplugging a GPU or reloading the driver module. No special privileges beyond normal user access to trigger the driver are required, but the system must have an AMD GPU using the amdgpu driver. The bug is a memory leak, not a buffer overflow, so exploitation is limited to causing a denial of service by exhausting kernel memory over time.

Impact

An attacker who can repeatedly trigger the driver initialization could cause a gradual depletion of kernel memory, leading to system instability or a denial of service. The leak is small per occurrence, but repeated triggers could exhaust memory. There is no evidence of code execution or privilege escalation from this vulnerability.

Mitigation

The fix was applied in the Linux kernel stable tree with commits 1caed03305b560b and 7cb893264443 [1][2]. Users should update to a kernel version containing these patches. No workaround is available other than avoiding the trigger conditions.