CVE-2022-49530

Summary

CVE-2022-49530 is a vulnerability in the Linux kernel that affects the drm/amd/pm driver. In the function si_parse_power_table(), an array and its member are allocated, but if the allocation of the member fails, the array is freed with an error. However, the array is later freed again in the si_dpm_fini() function, resulting in a potential double free and a leak of array members. Furthermore, the number of allocated array members is not updated until after the successful allocation, leading to potential use after free or uninitialized variable access. This issue has been resolved by postponing the free of the array until si_dpm_fini() and incrementing adev->pm.dpm.num_ps every time a new array member is allocated.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.