CVE-2022-49137

drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj This issue takes place in an error path in amdgpu_cs_fence_to_handle_ioctl(). When `info->in.what` falls into default case, the function simply returns -EINVAL, forgetting to decrement the reference count of a dma_fence obj, which is bumped earlier by amdgpu_cs_get_fence(). This may result in reference count leaks. Fix it by decreasing the refcount of specific object before returning the error code.

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/72d77ddb2224ebc00648f4f78f8a9a259dccbdf7 patch
https://git.kernel.org/stable/c/4009f104b02b223d1a11d74b36b1cc083bc37028 patch
https://git.kernel.org/stable/c/927beb05aaa429c883cc0ec6adc48964b187e291 patch
https://git.kernel.org/stable/c/3edd8646cb7c11b57c90e026bda6f21076223f5b patch
https://git.kernel.org/stable/c/b6d1f7d97c81ebaf2cda9c4c943ee2e484fffdcf patch
https://git.kernel.org/stable/c/bc2d5c0775c839e2b072884f4ee6a93ba410f107 patch
https://git.kernel.org/stable/c/dfced44f122c500004a48ecc8db516bb6a295a1b patch

Frequently Asked Questions

What is the severity of CVE-2022-49137?
CVE-2022-49137 has been scored as a medium severity vulnerability.
How to fix CVE-2022-49137?
To fix CVE-2022-49137, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49137 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49137 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49137?
CVE-2022-49137 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.