CVE-2022-49635
📋 TL;DR
This CVE is an integer overflow vulnerability in the Linux kernel's i915 graphics driver selftests. It allows local attackers to cause denial of service or potentially execute arbitrary code with kernel privileges. Affected systems are those running vulnerable Linux kernel versions with Intel integrated graphics.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel-level access, potentially leading to full system compromise and arbitrary code execution.
Likely Case
Kernel panic or system crash causing denial of service, requiring system reboot.
If Mitigated
Limited impact if proper access controls prevent local user access to vulnerable selftests.
🎯 Exploit Status
Requires local access and ability to trigger the vulnerable selftest code path. No known public exploits.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commit ab3edc679c552a466e4bf0b11af3666008bd65a2
Vendor Advisory: https://git.kernel.org/stable/c/333991c4e66b3d4b5613315f18016da80344f659
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commit. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Restrict selftest access
LinuxLimit access to kernel selftests to prevent triggering the vulnerable code path
chmod 700 /sys/kernel/debug/dri/*/i915_selftest
echo 0 > /proc/sys/kernel/perf_event_paranoid
🧯 If You Can't Patch
- Restrict local user access to systems with vulnerable kernels
- Implement strict access controls and monitoring for kernel debugging interfaces
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if it contains the vulnerable commit: git log --oneline | grep -i 'ab3edc679c552a466e4bf0b11af3666008bd65a2'Check Version:
uname -rVerify Fix Applied:
Verify kernel version contains fix commit: git log --oneline | grep -i 'ab3edc679c552a466e4bf0b11af3666008bd65a2' should show the commit📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- OOM killer messages
- i915 driver crash logs in dmesg
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("panic" OR "Oops" OR "BUG") AND "i915"