securityonline.info
Open in
urlscan Pro
2a05:d014:776:a63d:6339:2a28:fc90:eea
Public Scan
Submitted URL: https://securityonline.info/cve-2022-4139-high-risk-vulnerability-in-linux-=
Effective URL: https://securityonline.info/cve-2022-4139-high-risk-vulnerability-in-linux-kernels-gpu-i915-kernel-driver/
Submission: On November 08 via api from IN — Scanned from DE
Effective URL: https://securityonline.info/cve-2022-4139-high-risk-vulnerability-in-linux-kernels-gpu-i915-kernel-driver/
Submission: On November 08 via api from IN — Scanned from DE
Form analysis 2 forms found in the DOM
https://securityonline.info/
<form role="search" class="search-form" action="https://securityonline.info/"><label><span class="screen-reader-text">Search for:</span>
<input type="search" class="search-field" placeholder="Search …" name="s"></label>
<input type="submit" class="search-submit" value="Search">
</form>https://securityonline.info/
<form role="search" class="search-form" action="https://securityonline.info/"><label><span class="screen-reader-text">Search for:</span>
<input type="search" class="search-field" placeholder="Search …" name="s"></label>
<input type="submit" class="search-submit" value="Search">
</form>Text Content
🌎 DE EN FR ES IT HR SV SR SL NL
✕
🍪 DATENSCHUTZ & TRANSPARENZ
Wir und unsere Partner verwenden Cookies, um Informationen auf einem Gerät
speichern und/oder abrufen zu können. Wir und unsere Partner verwenden Daten für
Personalisierte Anzeigen und Inhalte, Anzeigen- und Inhaltsmessungen,
Erkenntnisse über Zielgruppen und Produktentwicklungen. Ein Beispiel für Daten,
welche verarbeitet werden, kann eine in einem Cookie gespeicherte eindeutige
Kennung sein. Einige unserer Partner können Ihre Daten im Rahmen ihrer legitimen
Geschäftsinteressen verarbeiten, ohne Ihre Zustimmung einzuholen. Um die
Verwendungszwecke einzusehen, für die diese ihrer Meinung nach ein berechtigtes
Interesse haben, oder um dieser Datenverarbeitung zu widersprechen, verwenden
Sie den unten stehenden Link zur Anbieterliste. Die übermittelte Einwilligung
wird nur für die von dieser Webseite ausgehende Datenverarbeitung verwendet.
Wenn Sie Ihre Einstellungen ändern oder Ihre Einwilligung jederzeit widerrufen
möchten, finden Sie den Link dazu in unserer Datenschutzerklärung, die von
unserer Homepage aus zugänglich ist.
Einstellungen verwalten Nur notwendige Cookies Weiter mit den empfohlenen
Cookies
Anbieter-Liste | Datenschutzerklärung
Skip to content
Penetration Testing
* Search for:
* Home
* Forensics
* Machine Learning
* Malware Analysis
* Networking
* Network PenTest
* Information Gathering
* Vulnerability Analysis
* Exploitation
* Metasploit
* Post Exploitation
* Maintaining Access
* Password Attacks
* Sniffing & Spoofing
* Smartphone PenTest
* Wireless
* Reverse Engineering
* Programming
* Technique
* Web PenTest
* Web Information Gathering
* Web Vulnerability Analysis
* Web Exploitation
* Web Maintaining Access
* Reporting
* Home
* Forensics
* Machine Learning
* Malware Analysis
* Networking
* Network PenTest
* Information Gathering
* Vulnerability Analysis
* Exploitation
* Metasploit
* Post Exploitation
* Maintaining Access
* Password Attacks
* Sniffing & Spoofing
* Smartphone PenTest
* Wireless
* Reverse Engineering
* Programming
* Technique
* Web PenTest
* Web Information Gathering
* Web Vulnerability Analysis
* Web Exploitation
* Web Maintaining Access
* Reporting
Search for:
Penetration Testing
* Vulnerability
CVE-2022-4139: HIGH-RISK VULNERABILITY IN LINUX KERNEL’S GPU I915 KERNEL DRIVER
by do son · November 30, 2022
A newly disclosed security vulnerability in the Linux kernel could be leveraged
by a local attacker to gain elevated privileges on vulnerable systems to execute
arbitrary code.
Tracked as CVE-2022-4139 (CVSS score: 7.0), the flaw impacts affected Linux
kernel stable branches (all since 5.4) and is a result of a security-sensitive
bug in the Linux kernel’s GPU i915 kernel driver.
The flaw resides incorrect GPU TLB flush code in the i915 kernel driver.
According to the seclists, “Depending on whether the GPU is running behind an
active IOMMU there are two possible scenarios which can happen, due to stale TLB
mapping:
1. Without IOMMU – GPU can still access physical memory which could be already
assigned by OS to different process.
2. With IOMMU – GPU can access any memory, if the malicious process is able to
create/reuse necessary IOMMU mappings.”
“An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel
driver, potentially leading to random memory corruption or data leaks. This flaw
could allow a local user to crash the system or escalate their privileges on the
system,” Red Hat said in an advisory published on November 30, 2022.
How to Fix the Video Driver Crashed...
Please enable JavaScript
Video Player is loading.
Play Video
PlaySkip Backward
Unmute
Current Time 0:00
/
Duration 1:09
Loaded: 8.58%
0:00
Stream Type LIVE
Seek to live, currently behind liveLIVE
Remaining Time -1:09
1x
Playback Rate
Chapters
* Chapters
Descriptions
* descriptions off, selected
Captions
* captions settings, opens captions settings dialog
* captions off, selected
* English (US) (Auto Generated) Captions
Audio Track
* main, selected
Auto(360pLQ)
* 1080pFHD
* 720pHD
* Auto(360pLQ)
ShareFullscreen
This is a modal window.
Beginning of dialog window. Escape will cancel and close the window.
TextColorWhiteBlackRedGreenBlueYellowMagentaCyanOpacityOpaqueSemi-TransparentText
BackgroundColorBlackWhiteRedGreenBlueYellowMagentaCyanOpacityOpaqueSemi-TransparentTransparentCaption
Area
BackgroundColorBlackWhiteRedGreenBlueYellowMagentaCyanOpacityTransparentSemi-TransparentOpaque
Font Size50%75%100%125%150%175%200%300%400%Text Edge
StyleNoneRaisedDepressedUniformDropshadowFont FamilyProportional
Sans-SerifMonospace Sans-SerifProportional SerifMonospace SerifCasualScriptSmall
Caps
Reset restore all settings to the default valuesDone
Close Modal Dialog
End of dialog window.
How to Fix the Video Driver Crashed Error on Windows 11/10
To successfully exploit this vulnerability, attackers need to have access to the
targeted system and run their exploit which leads to obtaining sensitive
information or causing random memory corruption.
All Intel integrated and discrete GPUs Gen12, including Tiger Lake, Rocket Lake,
Alder Lake, DG1, Raptor Lake, DG2, Arctic Sound, and Meteor Lake are vulnerable
to CVE-2022-4139.
A researcher has backported the patches to all affected stable branches to
address the issue, Red Hat Enterprise Linux, Ubuntu, CentOS, and Debian have not
implemented the changes and therefore, are vulnerable to the attacks. If you are
an advanced Linux user, apply the patch and rebuild the kernel yourself. OR, you
can wait for the next kernel update from your distro provider and apply it as
soon as possible.
Share
Tags: CVE-2022-4139Linux Kernel
* Next story ADFSRelay: NTLM Relaying Attacks Targeting ADFS
* Previous story CVE-2022-41325: VLC media player remote code execution
vulnerability
Follow:
*
*
*
*
*
*
SEARCH
MAKE THE WEBSITE ONLINE
* Positioning Your Business For Sale: Key Factors to Consider
* HyperX Released Clutch Gladiate RGB Wired Game Controller
* SteelSeries launches Ghost Edition Apex Pro Mini keyboard
* Bringing NPCs to Life: Microsoft’s Inworld AI Revolutionizes Xbox Gaming
* OpenAI’s GPT Service: Unleashing AI’s Potential Without Coding
* OpenAI launches an upgraded large-scale language model called GPT-4 Turbo
* Snapdragon X35 5G data modem chip has been adopted by most telecom operators
* NVIDIA RTX 4070 Ti SUPER packaging design exposed
Reward
BRILLIANTLY
SAFE!
securityonline.info
CONTENT & LINKS
Verified by Sur.ly
2022
* About Us
* Contact Us
* Disclaimer
* Privacy Policy
* DMCA NOTICE
* Search Results
Penetration Testing © 2023. All Rights Reserved.
*
*
*
*
*
*
x
x