CVE-2022-0330
📋 TL;DR
A memory access vulnerability in the Linux kernel's i915 GPU driver allows local attackers to execute malicious GPU code, potentially causing system crashes or privilege escalation. This affects Linux systems with Intel integrated graphics using the i915 driver. Attackers need local access to exploit this flaw.
💻 Affected Systems
- Linux kernel with i915 GPU driver
📦 What is this software?
Codeready Linux Builder Eus For Power Little Endian by Redhat
View all CVEs affecting Codeready Linux Builder Eus For Power Little Endian →
Codeready Linux Builder For Power Little Endian Eus by Redhat
View all CVEs affecting Codeready Linux Builder For Power Little Endian Eus →
Codeready Linux Builder For Power Little Endian Eus by Redhat
View all CVEs affecting Codeready Linux Builder For Power Little Endian Eus →
Enterprise Linux For Ibm Z Systems by Redhat
View all CVEs affecting Enterprise Linux For Ibm Z Systems →
Enterprise Linux For Ibm Z Systems Eus by Redhat
View all CVEs affecting Enterprise Linux For Ibm Z Systems Eus →
Enterprise Linux For Ibm Z Systems Eus by Redhat
View all CVEs affecting Enterprise Linux For Ibm Z Systems Eus →
Enterprise Linux For Power Big Endian by Redhat
View all CVEs affecting Enterprise Linux For Power Big Endian →
Enterprise Linux For Power Little Endian by Redhat
View all CVEs affecting Enterprise Linux For Power Little Endian →
Enterprise Linux For Power Little Endian by Redhat
View all CVEs affecting Enterprise Linux For Power Little Endian →
Enterprise Linux For Power Little Endian Eus by Redhat
View all CVEs affecting Enterprise Linux For Power Little Endian Eus →
Enterprise Linux For Power Little Endian Eus by Redhat
View all CVEs affecting Enterprise Linux For Power Little Endian Eus →
Enterprise Linux For Real Time For Nfv by Redhat
View all CVEs affecting Enterprise Linux For Real Time For Nfv →
Enterprise Linux For Real Time For Nfv by Redhat
View all CVEs affecting Enterprise Linux For Real Time For Nfv →
Enterprise Linux For Real Time For Nfv Tus by Redhat
View all CVEs affecting Enterprise Linux For Real Time For Nfv Tus →
Enterprise Linux For Real Time For Nfv Tus by Redhat
View all CVEs affecting Enterprise Linux For Real Time For Nfv Tus →
Enterprise Linux For Real Time Tus by Redhat
View all CVEs affecting Enterprise Linux For Real Time Tus →
Enterprise Linux For Real Time Tus by Redhat
View all CVEs affecting Enterprise Linux For Real Time Tus →
Enterprise Linux For Scientific Computing by Redhat
View all CVEs affecting Enterprise Linux For Scientific Computing →
Enterprise Linux Server Update Services For Sap Solutions by Redhat
View all CVEs affecting Enterprise Linux Server Update Services For Sap Solutions →
Enterprise Linux Server Update Services For Sap Solutions by Redhat
View all CVEs affecting Enterprise Linux Server Update Services For Sap Solutions →
Enterprise Linux Server Update Services For Sap Solutions by Redhat
View all CVEs affecting Enterprise Linux Server Update Services For Sap Solutions →
Enterprise Linux Server Update Services For Sap Solutions by Redhat
View all CVEs affecting Enterprise Linux Server Update Services For Sap Solutions →
Enterprise Linux Server Update Services For Sap Solutions by Redhat
View all CVEs affecting Enterprise Linux Server Update Services For Sap Solutions →
Fedora by Fedoraproject
Fedora by Fedoraproject
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to root, complete system compromise, or persistent denial of service through kernel crashes.
Likely Case
Local privilege escalation allowing attackers to gain root access on affected systems.
If Mitigated
Limited to denial of service through system crashes if proper access controls prevent privilege escalation.
🎯 Exploit Status
Exploitation requires local access and ability to run GPU code. Proof-of-concept code exists in security advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel 5.16.7, 5.15.25, and later versions
Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=2042404
Restart Required: Yes
Instructions:
1. Update Linux kernel to version 5.16.7, 5.15.25 or later. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel package. 3. Reboot system after update.
🔧 Temporary Workarounds
Disable i915 GPU driver
linuxPrevents exploitation by disabling the vulnerable driver module
echo 'blacklist i915' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot
Restrict GPU access
linuxLimit which users can access GPU devices
chmod 600 /dev/dri/renderD128
chmod 600 /dev/dri/card0
🧯 If You Can't Patch
- Implement strict access controls to limit local user privileges
- Monitor for suspicious GPU-related system calls and privilege escalation attempts
🔍 How to Verify
Check if Vulnerable:
Check kernel version: uname -r. If version is earlier than 5.16.7 or 5.15.25, system is vulnerable if using i915 driver.Check Version:
uname -rVerify Fix Applied:
Verify kernel version is 5.16.7, 5.15.25 or later: uname -r. Check i915 module is loaded: lsmod | grep i915.📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- GPU driver crash messages in dmesg
- Unexpected privilege escalation events
Network Indicators:
- None - local exploit only
SIEM Query:
source="kernel" AND ("panic" OR "Oops" OR "i915") OR event_type="privilege_escalation"🔗 References
- http://www.openwall.com/lists/oss-security/2022/11/30/1
- https://bugzilla.redhat.com/show_bug.cgi?id=2042404
- https://security.netapp.com/advisory/ntap-20220526-0001/
- https://www.openwall.com/lists/oss-security/2022/01/25/12
- http://www.openwall.com/lists/oss-security/2022/11/30/1
- https://bugzilla.redhat.com/show_bug.cgi?id=2042404
- https://security.netapp.com/advisory/ntap-20220526-0001/
- https://www.openwall.com/lists/oss-security/2022/01/25/12
