CVE-2022-49530
Published: 26 February 2025
Summary
CVE-2022-49530 is a high-severity Double Free (CWE-415) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 3.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2022-49530 is a double free vulnerability in the Linux kernel's DRM/AMD power management subsystem, specifically within the si_parse_power_table() function. The flaw occurs during allocation of the array adev->pm.dpm.ps and its members; if a member allocation fails, the array is freed and an error is returned, but the array is freed again in the si_dpm_fini() function. This results in a double free of the array, along with potential memory leaks of array members (which are not freed), and risks of use-after-free or uninitialized access due to adev->pm.dpm.num_ps not being updated until successful allocation.
A local attacker with low privileges can exploit this vulnerability (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, score 7.8; CWE-415). By triggering the power table parsing code path, such as during AMD GPU initialization or related operations, the attacker can induce the double free and associated memory corruptions, potentially leading to high-impact confidentiality, integrity, and availability violations, including system crashes, data leaks, or privilege escalation.
Mitigation is provided through Linux kernel stable patches, as detailed in the referenced commits (e.g., https://git.kernel.org/stable/c/2615464854505188f909d0c07c37a6623693b5c7 and others). These fixes postpone the array free until si_dpm_fini(), ensure array members are properly managed, and increment adev->pm.dpm.num_ps only after successful allocations, preventing the double free, leaks, and related issues. Affected systems should update to kernels incorporating these commits.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-54700
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix double free in si_parse_power_table() In function si_parse_power_table(), array adev->pm.dpm.ps and its member is allocated. If the allocation of each member fails, the array itself is freed and returned…
more
with an error code. However, the array is later freed again in si_dpm_fini() function which is called when the function returns an error. This leads to potential double free of the array adev->pm.dpm.ps, as well as leak of its array members, since the members are not freed in the allocation function and the array is not nulled when freed. In addition adev->pm.dpm.num_ps, which keeps track of the allocated array member, is not updated until the member allocation is successfully finished, this could also lead to either use after free, or uninitialized variable access in si_dpm_fini(). Fix this by postponing the free of the array until si_dpm_fini() and increment adev->pm.dpm.num_ps everytime the array member is allocated.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Double-free in kernel DRM/AMD PM code enables local memory corruption leading directly to privilege escalation (CWE-415, high-impact local exploit path).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely remediation of the double free flaw in si_parse_power_table via application of Linux kernel stable patches.
Facilitates identification of CVE-2022-49530 through periodic vulnerability scanning of kernel versions and components.
Mandates secure error handling for allocation failures to avoid premature array freeing and subsequent double free in error paths.