CVE-2022-4139 : An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel d

An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.

Published 2023-01-27 18:15:16

Updated 2023-05-12 13:28:40

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2022-4139

Linux » Linux Kernel
Versions from including (>=) 5.4 and before (<) 5.4.226
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.5 and before (<) 5.10.157
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.11 and before (<) 5.15.81
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.16 and before (<) 6.0.11
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.1 Update RC5
cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.1 Update RC2
cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.1 Update RC1
cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.1 Update RC3
cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.1 Update RC4
cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.1 Update RC6
cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.1
cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-4139

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 6 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-4139

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-4139

CWE-281 Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

Assigned by: secalert@redhat.com (Secondary)
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-4139

https://security.netapp.com/advisory/ntap-20230309-0004/

CVE-2022-4139 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2147572

2147572 – (CVE-2022-4139) CVE-2022-4139 kernel: i915: Incorrect GPU TLB flush can lead to random memory access
Issue Tracking;Patch;Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/11/30/1

oss-security - Security sensitive bug in the i915 kernel driver (CVE-2022-4139)
Mailing List;Third Party Advisory

Jump to

Vulnerability Details : CVE-2022-4139

Products affected by CVE-2022-4139

Exploit prediction scoring system (EPSS) score for CVE-2022-4139

CVSS scores for CVE-2022-4139

CWE ids for CVE-2022-4139

References for CVE-2022-4139