securityonline.info
Open in
urlscan Pro
2a05:d014:776:a63d:6339:2a28:fc90:eea
Public Scan
Submitted URL: https://securityonline.info/cve-2022-4139-high-risk-vulnerability-in-linux-=
Effective URL: https://securityonline.info/cve-2022-4139-high-risk-vulnerability-in-linux-kernels-gpu-i915-kernel-driver/
Submission: On November 08 via api from IN — Scanned from DE
Effective URL: https://securityonline.info/cve-2022-4139-high-risk-vulnerability-in-linux-kernels-gpu-i915-kernel-driver/
Submission: On November 08 via api from IN — Scanned from DE
Form analysis
2 forms found in the DOMhttps://securityonline.info/
<form role="search" class="search-form" action="https://securityonline.info/"><label><span class="screen-reader-text">Search for:</span>
<input type="search" class="search-field" placeholder="Search …" name="s"></label>
<input type="submit" class="search-submit" value="Search">
</form>
https://securityonline.info/
<form role="search" class="search-form" action="https://securityonline.info/"><label><span class="screen-reader-text">Search for:</span>
<input type="search" class="search-field" placeholder="Search …" name="s"></label>
<input type="submit" class="search-submit" value="Search">
</form>
Text Content
🌎 DE EN FR ES IT HR SV SR SL NL ✕ 🍪 DATENSCHUTZ & TRANSPARENZ Wir und unsere Partner verwenden Cookies, um Informationen auf einem Gerät speichern und/oder abrufen zu können. Wir und unsere Partner verwenden Daten für Personalisierte Anzeigen und Inhalte, Anzeigen- und Inhaltsmessungen, Erkenntnisse über Zielgruppen und Produktentwicklungen. Ein Beispiel für Daten, welche verarbeitet werden, kann eine in einem Cookie gespeicherte eindeutige Kennung sein. Einige unserer Partner können Ihre Daten im Rahmen ihrer legitimen Geschäftsinteressen verarbeiten, ohne Ihre Zustimmung einzuholen. Um die Verwendungszwecke einzusehen, für die diese ihrer Meinung nach ein berechtigtes Interesse haben, oder um dieser Datenverarbeitung zu widersprechen, verwenden Sie den unten stehenden Link zur Anbieterliste. Die übermittelte Einwilligung wird nur für die von dieser Webseite ausgehende Datenverarbeitung verwendet. Wenn Sie Ihre Einstellungen ändern oder Ihre Einwilligung jederzeit widerrufen möchten, finden Sie den Link dazu in unserer Datenschutzerklärung, die von unserer Homepage aus zugänglich ist. Einstellungen verwalten Nur notwendige Cookies Weiter mit den empfohlenen Cookies Anbieter-Liste | Datenschutzerklärung Skip to content Penetration Testing * Search for: * Home * Forensics * Machine Learning * Malware Analysis * Networking * Network PenTest * Information Gathering * Vulnerability Analysis * Exploitation * Metasploit * Post Exploitation * Maintaining Access * Password Attacks * Sniffing & Spoofing * Smartphone PenTest * Wireless * Reverse Engineering * Programming * Technique * Web PenTest * Web Information Gathering * Web Vulnerability Analysis * Web Exploitation * Web Maintaining Access * Reporting * Home * Forensics * Machine Learning * Malware Analysis * Networking * Network PenTest * Information Gathering * Vulnerability Analysis * Exploitation * Metasploit * Post Exploitation * Maintaining Access * Password Attacks * Sniffing & Spoofing * Smartphone PenTest * Wireless * Reverse Engineering * Programming * Technique * Web PenTest * Web Information Gathering * Web Vulnerability Analysis * Web Exploitation * Web Maintaining Access * Reporting Search for: Penetration Testing * Vulnerability CVE-2022-4139: HIGH-RISK VULNERABILITY IN LINUX KERNEL’S GPU I915 KERNEL DRIVER by do son · November 30, 2022 A newly disclosed security vulnerability in the Linux kernel could be leveraged by a local attacker to gain elevated privileges on vulnerable systems to execute arbitrary code. Tracked as CVE-2022-4139 (CVSS score: 7.0), the flaw impacts affected Linux kernel stable branches (all since 5.4) and is a result of a security-sensitive bug in the Linux kernel’s GPU i915 kernel driver. The flaw resides incorrect GPU TLB flush code in the i915 kernel driver. According to the seclists, “Depending on whether the GPU is running behind an active IOMMU there are two possible scenarios which can happen, due to stale TLB mapping: 1. Without IOMMU – GPU can still access physical memory which could be already assigned by OS to different process. 2. With IOMMU – GPU can access any memory, if the malicious process is able to create/reuse necessary IOMMU mappings.” “An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system,” Red Hat said in an advisory published on November 30, 2022. How to Fix the Video Driver Crashed... Please enable JavaScript Video Player is loading. Play Video PlaySkip Backward Unmute Current Time 0:00 / Duration 1:09 Loaded: 8.58% 0:00 Stream Type LIVE Seek to live, currently behind liveLIVE Remaining Time -1:09 1x Playback Rate Chapters * Chapters Descriptions * descriptions off, selected Captions * captions settings, opens captions settings dialog * captions off, selected * English (US) (Auto Generated) Captions Audio Track * main, selected Auto(360pLQ) * 1080pFHD * 720pHD * Auto(360pLQ) ShareFullscreen This is a modal window. Beginning of dialog window. Escape will cancel and close the window. TextColorWhiteBlackRedGreenBlueYellowMagentaCyanOpacityOpaqueSemi-TransparentText BackgroundColorBlackWhiteRedGreenBlueYellowMagentaCyanOpacityOpaqueSemi-TransparentTransparentCaption Area BackgroundColorBlackWhiteRedGreenBlueYellowMagentaCyanOpacityTransparentSemi-TransparentOpaque Font Size50%75%100%125%150%175%200%300%400%Text Edge StyleNoneRaisedDepressedUniformDropshadowFont FamilyProportional Sans-SerifMonospace Sans-SerifProportional SerifMonospace SerifCasualScriptSmall Caps Reset restore all settings to the default valuesDone Close Modal Dialog End of dialog window. How to Fix the Video Driver Crashed Error on Windows 11/10 To successfully exploit this vulnerability, attackers need to have access to the targeted system and run their exploit which leads to obtaining sensitive information or causing random memory corruption. All Intel integrated and discrete GPUs Gen12, including Tiger Lake, Rocket Lake, Alder Lake, DG1, Raptor Lake, DG2, Arctic Sound, and Meteor Lake are vulnerable to CVE-2022-4139. A researcher has backported the patches to all affected stable branches to address the issue, Red Hat Enterprise Linux, Ubuntu, CentOS, and Debian have not implemented the changes and therefore, are vulnerable to the attacks. If you are an advanced Linux user, apply the patch and rebuild the kernel yourself. OR, you can wait for the next kernel update from your distro provider and apply it as soon as possible. Share Tags: CVE-2022-4139Linux Kernel * Next story ADFSRelay: NTLM Relaying Attacks Targeting ADFS * Previous story CVE-2022-41325: VLC media player remote code execution vulnerability Follow: * * * * * * SEARCH MAKE THE WEBSITE ONLINE * Positioning Your Business For Sale: Key Factors to Consider * HyperX Released Clutch Gladiate RGB Wired Game Controller * SteelSeries launches Ghost Edition Apex Pro Mini keyboard * Bringing NPCs to Life: Microsoft’s Inworld AI Revolutionizes Xbox Gaming * OpenAI’s GPT Service: Unleashing AI’s Potential Without Coding * OpenAI launches an upgraded large-scale language model called GPT-4 Turbo * Snapdragon X35 5G data modem chip has been adopted by most telecom operators * NVIDIA RTX 4070 Ti SUPER packaging design exposed Reward BRILLIANTLY SAFE! securityonline.info CONTENT & LINKS Verified by Sur.ly 2022 * About Us * Contact Us * Disclaimer * Privacy Policy * DMCA NOTICE * Search Results Penetration Testing © 2023. All Rights Reserved. * * * * * * x x