CVE-2022-49960
📋 TL;DR
A null pointer dereference vulnerability in the Linux kernel's Intel i915 graphics driver causes kernel panics during system boot on affected devices. This affects Linux systems with Intel Tiger Lake (TGL) graphics running vulnerable kernel versions, particularly Asus Chromebook CX550 devices. The vulnerability leads to denial of service but does not allow arbitrary code execution.
💻 Affected Systems
- Linux kernel with Intel i915 graphics driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
System crashes during boot, resulting in complete denial of service and requiring physical access to recover the system.
Likely Case
System fails to boot properly, requiring kernel rollback or patching to restore functionality.
If Mitigated
No impact if patched kernel is used or affected hardware is not present.
🎯 Exploit Status
Exploitation occurs automatically when vulnerable kernel boots on affected hardware, no user interaction required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commit c247cd03898c4c43c3bce6d4014730403bc13032 and backported to stable branches
Vendor Advisory: https://git.kernel.org/stable/c/458ec0c8f35963626ccd51c3d50b752de5f1b9d4
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing fix commit c247cd03898c4c43c3bce6d4014730403bc13032 or later. 2. For distributions: Use package manager to update kernel package. 3. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Boot with different kernel version
linuxBoot with older kernel version that doesn't contain the vulnerable code
Select older kernel from GRUB boot menu or modify bootloader configuration
Disable i915 driver temporarily
linuxPrevent loading of vulnerable i915 graphics driver
Add 'modprobe.blacklist=i915' to kernel boot parameters
🧯 If You Can't Patch
- Avoid using affected hardware (Intel Tiger Lake graphics) with vulnerable kernel versions
- Maintain system backups and recovery media for emergency restoration
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if system has Intel Tiger Lake graphics: 'uname -r' and 'lspci | grep -i vga'Check Version:
uname -rVerify Fix Applied:
Verify kernel contains fix commit: 'grep -r c247cd03898c4c43c3bce6d4014730403bc13032 /boot/System.map*' or check kernel version is after fix📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning 'tgl_get_bw_info' or 'NULL pointer dereference' in /var/log/kern.log or dmesg
Network Indicators:
- None - local vulnerability only
SIEM Query:
EventID: kernel_panic OR Message CONTAINS 'tgl_get_bw_info' OR 'NULL pointer dereference'