{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2022-50844", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-30T12:06:07.133Z", "datePublished": "2025-12-30T12:11:01.928Z", "dateUpdated": "2025-12-30T12:11:01.928Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-30T12:11:01.928Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback\n\nWith clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),\nindirect call targets are validated against the expected function\npointer prototype to make sure the call target is valid to help mitigate\nROP attacks. If they are not identical, there is a failure at run time,\nwhich manifests as either a kernel panic or thread getting killed. A\nproposed warning in clang aims to catch these at compile time, which\nreveals:\n\n drivers/gpu/drm/amd/amdgpu/../pm/swsmu/amdgpu_smu.c:3008:29: error: incompatible function pointer types initializing 'int (*)(void *, uint32_t, long *, uint32_t)' (aka 'int (*)(void *, unsigned int, long *, unsigned int)') with an expression of type 'int (void *, enum PP_OD_DPM_TABLE_COMMAND, long *, uint32_t)' (aka 'int (void *, enum PP_OD_DPM_TABLE_COMMAND, long *, unsigned int)') [-Werror,-Wincompatible-function-pointer-types-strict]\n .odn_edit_dpm_table = smu_od_edit_dpm_table,\n ^~~~~~~~~~~~~~~~~~~~~\n 1 error generated.\n\nThere are only two implementations of ->odn_edit_dpm_table() in 'struct\namd_pm_funcs': smu_od_edit_dpm_table() and pp_odn_edit_dpm_table(). One\nhas a second parameter type of 'enum PP_OD_DPM_TABLE_COMMAND' and the\nother uses 'u32'. Ultimately, smu_od_edit_dpm_table() calls\n->od_edit_dpm_table() from 'struct pptable_funcs' and\npp_odn_edit_dpm_table() calls ->odn_edit_dpm_table() from 'struct\npp_hwmgr_func', which both have a second parameter type of 'enum\nPP_OD_DPM_TABLE_COMMAND'.\n\nUpdate the type parameter in both the prototype in 'struct amd_pm_funcs'\nand pp_odn_edit_dpm_table() to 'enum PP_OD_DPM_TABLE_COMMAND', which\ncleans up the warning."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/include/kgd_pp_interface.h", "drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "9606bbc271ac86c266d1f4a0285dd69b3fda2d0f", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "f9084e9930db562bdcd47fa199a66fb45e16dab5", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "24cba9d865157c9e23128fbcf8b86f5da9570edd", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "36217f676b55932a12d6732c95388150015fdee6", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "e4d0ef752081e7aa6ffb7ccac11c499c732a2e05", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/include/kgd_pp_interface.h", "drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c"], "versions": [{"version": "5.10.163", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.86", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.16", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.2", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.163"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.86"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.0.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/9606bbc271ac86c266d1f4a0285dd69b3fda2d0f"}, {"url": "https://git.kernel.org/stable/c/f9084e9930db562bdcd47fa199a66fb45e16dab5"}, {"url": "https://git.kernel.org/stable/c/24cba9d865157c9e23128fbcf8b86f5da9570edd"}, {"url": "https://git.kernel.org/stable/c/36217f676b55932a12d6732c95388150015fdee6"}, {"url": "https://git.kernel.org/stable/c/e4d0ef752081e7aa6ffb7ccac11c499c732a2e05"}], "title": "drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback\n\nWith clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),\nindirect call targets are validated against the expected function\npointer prototype to make sure the call target is valid to help mitigate\nROP attacks. If they are not identical, there is a failure at run time,\nwhich manifests as either a kernel panic or thread getting killed. A\nproposed warning in clang aims to catch these at compile time, which\nreveals:\n\n drivers/gpu/drm/amd/amdgpu/../pm/swsmu/amdgpu_smu.c:3008:29: error: incompatible function pointer types initializing 'int (*)(void *, uint32_t, long *, uint32_t)' (aka 'int (*)(void *, unsigned int, long *, unsigned int)') with an expression of type 'int (void *, enum PP_OD_DPM_TABLE_COMMAND, long *, uint32_t)' (aka 'int (void *, enum PP_OD_DPM_TABLE_COMMAND, long *, unsigned int)') [-Werror,-Wincompatible-function-pointer-types-strict]\n .odn_edit_dpm_table = smu_od_edit_dpm_table,\n ^~~~~~~~~~~~~~~~~~~~~\n 1 error generated.\n\nThere are only two implementations of ->odn_edit_dpm_table() in 'struct\namd_pm_funcs': smu_od_edit_dpm_table() and pp_odn_edit_dpm_table(). One\nhas a second parameter type of 'enum PP_OD_DPM_TABLE_COMMAND' and the\nother uses 'u32'. Ultimately, smu_od_edit_dpm_table() calls\n->od_edit_dpm_table() from 'struct pptable_funcs' and\npp_odn_edit_dpm_table() calls ->odn_edit_dpm_table() from 'struct\npp_hwmgr_func', which both have a second parameter type of 'enum\nPP_OD_DPM_TABLE_COMMAND'.\n\nUpdate the type parameter in both the prototype in 'struct amd_pm_funcs'\nand pp_odn_edit_dpm_table() to 'enum PP_OD_DPM_TABLE_COMMAND', which\ncleans up the warning."}], "id": "CVE-2022-50844", "lastModified": "2025-12-30T13:15:59.013", "metrics": {}, "published": "2025-12-30T13:15:59.013", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/24cba9d865157c9e23128fbcf8b86f5da9570edd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/36217f676b55932a12d6732c95388150015fdee6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9606bbc271ac86c266d1f4a0285dd69b3fda2d0f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e4d0ef752081e7aa6ffb7ccac11c499c732a2e05"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f9084e9930db562bdcd47fa199a66fb45e16dab5"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{}