Linux 6.0.11/5.15.81/5.10.157 Released

Linux core developer Greg Kroah-Hartman (Greg Kroah-Hartman) today released maintenance updates for three major versions of Linux 6.0.11Linux 5.15.81 and  Linux 5.10.157. This update mitigates the recently disclosed i915 driver security issue, which affects everything from Tigerlake integrated graphics to DG2 / Alchemist Arc's Intel "Gen12" graphics.

The CVE-2022-4139 vulnerability discovered earlier this week is a security vulnerability around GPU TLB flushing. In some cases (Gen12 hardware with certain types of engines), the engine's TLB is not flushed. A local attacker could exploit this vulnerability to elevate privileges on the problematic device to execute arbitrary code.

The seclists page shows that the vulnerability depends on whether the GPU is running behind an active IOMMU. There are two possible situations that can occur:

  • No IOMMU - GPU can still access physical memory which may have been allocated to different processes by OS.
  • Has IOMMU - GPU can access any memory if malicious process is able to create/reuse necessary IOMMU mapping.

In an announcement dated November 30, 2022, Red Hat said: "An incorrect TLB flushing issue was identified in the Linux kernel's GPU i915 kernel driver that could lead to random memory corruption or data disclosure. This vulnerability could allow Local users crash the system or elevate their privileges on the system".

All Intel integrated graphics and discrete graphics Gen12 are affected, including Tiger Lake, Rocket Lake, Alder Lake, DG1, Raptor Lake, DG2, Arctic Sound, Meteor Lake.

"drm/i915: Fix TLB invalidation for Gen12 video and compute engines" in the changelog for Linux 6.0.11Linux 5.15.81 and  Linux 5.10.157 released today .

Post a Comment