{"id":"CVE-2022-50303","summary":"drm/amdkfd: Fix double release compute pasid","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix double release compute pasid\n\nIf kfd_process_device_init_vm returns failure after vm is converted to\ncompute vm and vm-\u003epasid set to compute pasid, KFD will not take\npdd-\u003edrm_file reference. As a result, drm close file handler maybe\ncalled to release the compute pasid before KFD process destroy worker to\nrelease the same pasid and set vm-\u003epasid to zero, this generates below\nWARNING backtrace and NULL pointer access.\n\nAdd helper amdgpu_amdkfd_gpuvm_set_vm_pasid and call it at the last step\nof kfd_process_device_init_vm, to ensure vm pasid is the original pasid\nif acquiring vm failed or is the compute pasid with pdd-\u003edrm_file\nreference taken to avoid double release same pasid.\n\n amdgpu: Failed to create process VM object\n ida_free called for id=32770 which is not allocated.\n WARNING: CPU: 57 PID: 72542 at ../lib/idr.c:522 ida_free+0x96/0x140\n RIP: 0010:ida_free+0x96/0x140\n Call Trace:\n  amdgpu_pasid_free_delayed+0xe1/0x2a0 [amdgpu]\n  amdgpu_driver_postclose_kms+0x2d8/0x340 [amdgpu]\n  drm_file_free.part.13+0x216/0x270 [drm]\n  drm_close_helper.isra.14+0x60/0x70 [drm]\n  drm_release+0x6e/0xf0 [drm]\n  __fput+0xcc/0x280\n  ____fput+0xe/0x20\n  task_work_run+0x96/0xc0\n  do_exit+0x3d0/0xc10\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n RIP: 0010:ida_free+0x76/0x140\n Call Trace:\n  amdgpu_pasid_free_delayed+0xe1/0x2a0 [amdgpu]\n  amdgpu_driver_postclose_kms+0x2d8/0x340 [amdgpu]\n  drm_file_free.part.13+0x216/0x270 [drm]\n  drm_close_helper.isra.14+0x60/0x70 [drm]\n  drm_release+0x6e/0xf0 [drm]\n  __fput+0xcc/0x280\n  ____fput+0xe/0x20\n  task_work_run+0x96/0xc0\n  do_exit+0x3d0/0xc10","modified":"2026-03-20T11:47:22.895492Z","published":"2025-09-15T14:45:58.735Z","related":["SUSE-SU-2025:03615-1","SUSE-SU-2025:3761-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50303.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1a799c4c190ea9f0e81028e3eb3037ed0ab17ff5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/89f0d766c9e3fdeafbed6f855d433c2768cde862"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a02c07b619899179384fde06f951530438a3512d"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50303.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50303"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"88f7f88159bcdff96b2a5d244b26c8ba99b5e773"},{"fixed":"89f0d766c9e3fdeafbed6f855d433c2768cde862"},{"fixed":"a02c07b619899179384fde06f951530438a3512d"},{"fixed":"1a799c4c190ea9f0e81028e3eb3037ed0ab17ff5"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50303.json"}}],"schema_version":"1.7.5"}