CVE-2022-50535
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Description
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix potential null-deref in dm_resume

[Why]
Fixing smatch error:
dm_resume() error: we previously assumed 'aconnector->dc_link' could be null

[How]
Check if dc_link null at the beginning of the loop, so further checks can be dropped.
Analysis
A null pointer dereference vulnerability exists in the Linux kernel's AMD display driver (drm/amd/display) within the dm_resume() function, where the aconnector->dc_link pointer is dereferenced without proper null checks. An unprivileged local attacker with user-level access can trigger a kernel panic and cause a denial of service by inducing a display resume operation. While the CVSS score is moderate (5.5) and EPSS exploitation probability is very low (0.01%), this vulnerability is straightforward to trigger given local access and affects all Linux kernel versions with the vulnerable AMD display driver code.
Technical Context
The vulnerability resides in the AMD display subsystem driver (drivers/gpu/drm/amd/display) of the Linux kernel, specifically in the dm_resume() function which handles display resumption operations during power management transitions. The root cause is classified as CWE-476 (Null Pointer Dereference), a memory safety issue where code attempts to access members of a null pointer without first validating the pointer's state. The vulnerable code path iterates through aconnector objects and accesses the dc_link member without checking if it has been initialized to a non-null value, leading to a kernel-level crash when the null pointer is dereferenced. This affects the Display Core Link (dc_link) abstraction layer used for managing display connections in AMD graphics processing units.
Affected Products
The Linux kernel is affected across multiple stable and development versions, as indicated by CPE designations (cpe:2.3:o:linux:linux_kernel). The vulnerability impacts all kernel versions containing the vulnerable dm_resume() function in the AMD display driver until patched. The fix has been backported to stable kernel branches via multiple commits (7a7175a2cd84b7874bebbf8e59f134557a34161b, 00b655fa96b4e941351cc4bf5ca755a65ae94a8e, 8e365f1bd672cc9320a936f6ae6f8087aa40e9bc, 9f73793b81637c60ccc83cc508645310b8ab7d80, bb9a5562beb982aa5ebb73c521c49596ff8b8030, d236103782de25736996a45bd36ac2a89bdc93c6, and fd79b61af2782f8875c78f50cdb8630ec43e2990 in git.kernel.org). Systems using AMD Radeon graphics with the Display Core (DC) driver enabled are affected. The patches are available from the Linux kernel stable repositories.
Remediation
Update the Linux kernel to a patched version containing one of the available fixes from the kernel.org stable repositories, with the primary fix commit being 7a7175a2cd84b7874bebbf8e59f134557a34161b or later versions. Identify the specific kernel version in use on affected systems and apply the corresponding stable kernel update (e.g., kernel 5.10.x, 5.15.x, 5.16.x, or newer depending on the distribution's support lifecycle). For systems unable to immediately patch, disable AMD display power management features if possible through kernel parameters or BIOS settings, though this may degrade power efficiency. Monitor kernel logs for null pointer dereference warnings in the amdgpu or display driver modules as an interim detection method. Distributions including Fedora, Ubuntu, Debian, and RHEL should receive kernel updates through their standard update channels; verify patch inclusion in kernel release notes before applying updates.
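The interim log monitoring described above can be automated. The following is an added example, not code from the kernel project or from this advisory: it groups NULL pointer dereference oops reports in dmesg-style text and keeps those with stack frames in the amdgpu module. The sample log lines, offsets and the name `find_null_derefs` are constructed for illustration.

```python
import re

# Constructed sample in dmesg format (not captured from a real system).
SAMPLE_DMESG = """\
[ 8412.101] PM: suspend exit
[ 8412.233] BUG: kernel NULL pointer dereference, address: 0000000000000008
[ 8412.233] Oops: 0000 [#1] PREEMPT SMP NOPTI
[ 8412.233] RIP: 0010:dm_resume+0x1f4/0x6a0 [amdgpu]
[ 8412.233] Call Trace:
[ 8412.233]  amdgpu_device_ip_resume_phase2+0x56/0xc0 [amdgpu]
[ 8412.233]  amdgpu_device_resume+0x9c/0x2d0 [amdgpu]
[ 8412.234] ---[ end trace 0000000000000000 ]---
[ 9120.500] BUG: kernel NULL pointer dereference, address: 0000000000000010
[ 9120.500] RIP: 0010:example_fn+0x12/0x40 [example_mod]
[ 9120.501] ---[ end trace 0000000000000000 ]---
"""
STAMP = re.compile(r"^\[\s*[\d.]+\]\s?")
OOPS_START = re.compile(r"BUG: kernel NULL pointer dereference, address: (\S+)")
FRAME = re.compile(r"([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")
OOPS_END = re.compile(r"---\[ end trace")


def find_null_derefs(log_text, module="amdgpu"):
    """Return one dict per NULL-deref oops that has frames in `module`."""
    hits, current = [], None

    def flush():
        # Keep a report only if at least one frame belongs to the module.
        if current and current["frames"]:
            hits.append(current)

    for raw in log_text.splitlines():
        line = STAMP.sub("", raw)
        start = OOPS_START.search(line)
        if start:
            flush()  # previous report had no end marker (truncated log)
            current = {"address": start.group(1), "rip": None, "frames": []}
            continue
        if current is None:
            continue
        frame = FRAME.search(line)
        if frame:
            if line.lstrip().startswith("RIP:"):
                current["rip"] = frame.group(1)
            if frame.group(2) == module:
                current["frames"].append(frame.group(1))
        if OOPS_END.search(line):
            flush()
            current = None
    flush()  # report still open when the log ends
    return hits
```

A hit whose `rip` is `dm_resume` shortly after a suspend/resume message is the pattern this advisory describes; hits in other amdgpu functions are unrelated crashes that still merit triage.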