CVE-2022-48662
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's i915 graphics driver allows local attackers to cause a kernel panic (denial of service) or potentially execute arbitrary code with kernel privileges. This affects systems with Intel integrated graphics running vulnerable kernel versions.
💻 Affected Systems
- Linux kernel with i915 graphics driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to root, complete system compromise, or persistent denial of service through kernel panic.
Likely Case
Kernel panic leading to system crash and denial of service, requiring physical or remote console access to reboot.
If Mitigated
Limited to denial of service if exploit fails or system has additional protections like kernel address space layout randomization (KASLR).
🎯 Exploit Status
Exploitation requires local access and knowledge of kernel internals. The vulnerability is in a performance monitoring interface (i915_perf) that may require specific permissions to access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 713fa3e4591f65f804bdc88e8648e219fabc9ee1, d119888b09bd567e07c6b93a07f175df88857e02, f799e0568d6c153368b177e0bbbde7dcc4ce7f1d
Vendor Advisory: https://git.kernel.org/stable/c/713fa3e4591f65f804bdc88e8648e219fabc9ee1
Restart Required: Yes
Instructions:
1. Update Linux kernel to a version containing the fix commits. 2. For distributions: Use package manager (e.g., apt, yum) to install latest kernel updates. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable i915 performance monitoring
linuxRestrict access to the i915_perf interface to prevent exploitation.
echo 0 > /sys/module/i915/parameters/enable_perf
chmod 000 /dev/dri/card* (if applicable, but may break graphics)
Use kernel module blacklisting
linuxPrevent i915 module from loading (not recommended for systems requiring Intel graphics).
echo 'blacklist i915' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Restrict local user access to systems; implement principle of least privilege.
- Monitor for kernel panic logs and investigate unauthorized local access attempts.
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if i915 module is loaded: uname -r && lsmod | grep i915Check Version:
uname -rVerify Fix Applied:
Verify kernel version is patched: grep -q '713fa3e4591f65f804bdc88e8648e219fabc9ee1\|d119888b09bd567e07c6b93a07f175df88857e02\|f799e0568d6c153368b177e0bbbde7dcc4ce7f1d' /proc/version_signature (if available) or check distribution patch notes.📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs mentioning 'general protection fault' in i915_perf_open_ioctl or oa_configure_all_contexts
- System crashes or reboots without clear cause
Network Indicators:
- None - local exploitation only
SIEM Query:
source="kernel" AND "general protection fault" AND "i915"🔗 References
- https://git.kernel.org/stable/c/713fa3e4591f65f804bdc88e8648e219fabc9ee1
- https://git.kernel.org/stable/c/d119888b09bd567e07c6b93a07f175df88857e02
- https://git.kernel.org/stable/c/f799e0568d6c153368b177e0bbbde7dcc4ce7f1d
- https://git.kernel.org/stable/c/713fa3e4591f65f804bdc88e8648e219fabc9ee1
- https://git.kernel.org/stable/c/d119888b09bd567e07c6b93a07f175df88857e02
- https://git.kernel.org/stable/c/f799e0568d6c153368b177e0bbbde7dcc4ce7f1d
