CVE-2022-4139Improper Preservation of Permissions in Kernel

CWE-281Improper Preservation of PermissionsCWE-401Missing Release of Memory after Effective LifetimeCWE-825Expired Pointer Dereference41 documents11 sources
Severity
7.8HIGHNVD
OSV5.5
EPSS
0.0%
top 96.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Linux KernelDebian LinuxPaloalto Pan-os+3 more
Timeline
PublishedJan 27
Latest updateFeb 14

Description

An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages9 packages

NVDlinux/linux_kernel5.45.4.226+4
Debianlinux/linux_kernel< 5.10.158-1+3
Ubuntulinux/linux_kernel< 5.4.0-144.161+1
CVEListV5linux/linux_kernelkernel 6.1-rc7
debiandebian/linux< linux 6.0.10-2 (bookworm)

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

17
GHSA
GHSA-hjjq-3jj4-c7c6: An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks2023-07-06
OSV
linux-oem-5.17 vulnerabilities2023-05-30
OSV
linux-bluefield vulnerabilities2023-04-05
OSV
linux-intel-iotg vulnerabilities2023-03-16
OSV
linux-ibm, linux-ibm-5.4 vulnerabilities2023-03-14

📋Vendor Advisories

23
Palo Alto
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS2024-02-14
CISA ICS
Siemens SIMATIC S7-1500 TM MFP Linux Kernel2023-06-15
Ubuntu
Linux kernel (OEM) vulnerabilities2023-05-30
Ubuntu
Linux kernel (OEM) vulnerability2023-05-18
Ubuntu
Linux kernel (BlueField) vulnerabilities2023-04-05