The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object.
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2090708]
There was no shipped kernel version that was seen affected by this problem. These files are not built in our source code.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-1419
This was fixed for Fedora with the 5.5.5 stable kernel updates.