PT-2022-7337 · Linux+3 · Linux Kernel+3

Mark Janes

·

Published

2022-09-20

·

Updated

2025-01-27

·

CVE-2022-48662

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The vulnerability is related to the drm/i915/gem module in the Linux kernel. It occurs because i915 perf assumes it can use the i915 gem context reference to protect its i915->gem.contexts.list iteration. However, this requires that the context is not removed from the list until after the final reference is dropped and the struct is released. If the context is removed from the list during context close(), the link.next pointer may be poisoned while holding the context reference, causing a general protection fault (GPF). The issue is triggered when i915 perf open ioctl is called, and it attempts to filter on a specific context ID.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-413CWE-119

Related Identifiers

BDU:2024-03709
CVE-2022-48662
OPENSUSE-SU-2024_1641-1
OPENSUSE-SU-2024_1644-1
OPENSUSE-SU-2024_1659-1
OPENSUSE-SU-2024_1663-1
OPENSUSE-SU-2024_2189-1
OPENSUSE-SU-2024_3623-1
OPENSUSE-SU-2024_3631-1
OPENSUSE-SU-2024_3639-1
OPENSUSE-SU-2024_3679-1
OPENSUSE-SU-2024_3694-1
OPENSUSE-SU-2024_3695-1
OPENSUSE-SU-2024_3696-1
OPENSUSE-SU-2024_3697-1
OPENSUSE-SU-2024_3793-1
OPENSUSE-SU-2024_3815-1
OPENSUSE-SU-2024_3829-1
OPENSUSE-SU-2024_3830-1
OPENSUSE-SU-2024_3837-1
OPENSUSE-SU-2024_3842-1
OPENSUSE-SU-2024_3851-1
OPENSUSE-SU-2024_3852-1
OPENSUSE-SU-2024_3855-1
OPENSUSE-SU-2024_4122-1
OPENSUSE-SU-2024_4123-1
OPENSUSE-SU-2024_4124-1
OPENSUSE-SU-2024_4214-1
OPENSUSE-SU-2024_4216-1
OPENSUSE-SU-2024_4218-1
OPENSUSE-SU-2024_4234-1
OPENSUSE-SU-2024_4235-1
OPENSUSE-SU-2024_4266-1
OPENSUSE-SU-2025_0107-1
OPENSUSE-SU-2025_0109-1
OPENSUSE-SU-2025_0114-1
OPENSUSE-SU-2025_0115-1
OPENSUSE-SU-2025_0150-1
OPENSUSE-SU-2025_0158-1
OPENSUSE-SU-2025_0248-1
OPENSUSE-SU-2025_0251-1
OPENSUSE-SU-2025_0252-1
OPENSUSE-SU-2025_0253-1
OPENSUSE-SU-2025_0261-1
OPENSUSE-SU-2025_0266-1
SUSE-SU-2024:1641-1
SUSE-SU-2024:1644-1
SUSE-SU-2024:1647-1
SUSE-SU-2024:1659-1
SUSE-SU-2024:1663-1
SUSE-SU-2024:2008-1
SUSE-SU-2024:2189-1
SUSE-SU-2024:2190-1
SUSE-SU-2024:3318-1
SUSE-SU-2024:3336-1
SUSE-SU-2024:3347-1
SUSE-SU-2024:3348-1
SUSE-SU-2024:3361-1
SUSE-SU-2024:3368-1
SUSE-SU-2024:3375-1
SUSE-SU-2024:3379-1
SUSE-SU-2024:3395-1
SUSE-SU-2024:3399-1
SUSE-SU-2024:3405-1
SUSE-SU-2024:3425-1
SUSE-SU-2024:3623-1
SUSE-SU-2024:3631-1
SUSE-SU-2024:3639-1
SUSE-SU-2024:3679-1
SUSE-SU-2024:3694-1
SUSE-SU-2024:3695-1
SUSE-SU-2024:3696-1
SUSE-SU-2024:3697-1
SUSE-SU-2024:3793-1
SUSE-SU-2024:3815-1
SUSE-SU-2024:3829-1
SUSE-SU-2024:3830-1
SUSE-SU-2024:3837-1
SUSE-SU-2024:3842-1
SUSE-SU-2024:3851-1
SUSE-SU-2024:3852-1
SUSE-SU-2024:3855-1
SUSE-SU-2024:4122-1
SUSE-SU-2024:4123-1
SUSE-SU-2024:4124-1
SUSE-SU-2024:4214-1
SUSE-SU-2024:4216-1
SUSE-SU-2024:4218-1
SUSE-SU-2024:4234-1
SUSE-SU-2024:4235-1
SUSE-SU-2024:4266-1
SUSE-SU-2025:0107-1
SUSE-SU-2025:0109-1
SUSE-SU-2025:0114-1
SUSE-SU-2025:0115-1
SUSE-SU-2025:0150-1
SUSE-SU-2025:0158-1
SUSE-SU-2025:0248-1
SUSE-SU-2025:0251-1
SUSE-SU-2025:0252-1
SUSE-SU-2025:0253-1
SUSE-SU-2025:0261-1
SUSE-SU-2025:0266-1

Affected Products

Astra Linux
Linux Kernel
Red Os
Suse