[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Security sensitive bug in the i915 kernel driver (CVE-2022-4139)
From: Andrzej Hajda <andrzej.hajda () intel ! com>
Date: 2022-11-30 10:22:16
Message-ID: c9089e54-bc0d-773c-233e-d63980ad49d4 () intel ! com
[Download RAW message or body]
Hi all,
[This is a public disclosure of an issue reported 7 days ago to
linux-distros@vs.openwall.org. CVE-2022-4139 has been assigned to the
issue since.]
Incorrect GPU TLB flush code has been discovered in i915 kernel driver.
In some cases (Gen12 hardware with specific types of engine) the
engine's TLB is not flushed at all.
Depending on whether the GPU is running behind an active IOMMU there are
two possible scenarios which can happen, due to stale TLB mapping:
1. Without IOMMU - GPU can still access physical memory which could be
already assigned by OS to different process.
2. With IOMMU - GPU can access any memory, if the malicious process is
able to create/reuse necessary IOMMU mappings.
It is currently not known if specific memory could be targeted, but
random memory corruption or data leaks are a known possibility.
All Intel integrated and discrete GPUs Gen12 are affected, including
Tiger Lake, Rocket Lake, Alder Lake, DG1, Raptor Lake, DG2, Arctic
Sound, Meteor Lake.
Fix has already been developed and consists of fixing the method of
writing to specific registers.
I am attaching a set of back-ported patches which implement the fix for
all affected stable branches (all since 5.4).
This vulnerability has similar impact as CVE-2022-0330[1].
I will try to follow Linux Security Process[2]. So I hope to send the
fix for public mailing list after 7 days.
[1]:https://nvd.nist.gov/vuln/detail/cve-2022-0330
[2]:https://www.kernel.org/doc/html/latest/admin-guide/security-bugs.html
Regards
Andrzej
["media-tlb.tar" (application/x-tar)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic