Hide Forgot
Incorrect GPU TLB flush code has been discovered in i915 kernel driver. In some cases (Gen12 hardware with specific types of engine) the engine's TLB is not flushed at all. Depending on whether the GPU is running behind an active IOMMU there are two possible scenarios which can happen, due to stale TLB mapping: 1. Without IOMMU - GPU can still access physical memory which could be already assigned by OS to different process. 2. With IOMMU - GPU can access any memory, if the malicious process is able to create/reuse necessary IOMMU mappings. It is currently not known if specific memory could be targeted, but random memory corruption or data leaks are a known possibility. All Intel integrated and discrete GPUs Gen12 are affected, including Tiger Lake, Rocket Lake, Alder Lake, DG1, Raptor Lake, DG2, Arctic Sound, Meteor Lake. This vulnerability has similar impact as CVE-2022-0330: https://access.redhat.com/security/cve/CVE-2022-0330. Reference: https://www.openwall.com/lists/oss-security/2022/11/30/1
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2149657]
Upstream fix: https://github.com/torvalds/linux/commit/04aa64375f48a5d430b5550d9271f8428883e550
For RHEL 7: it doesn't support Gen12 at all. so I'll close all those.
I've closed all the kernel streams that this doesn't affect. It's RHEL 8.3 and forward, and RHEL 9.0 and forward.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:0101 https://access.redhat.com/errata/RHSA-2023:0101
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:0114 https://access.redhat.com/errata/RHSA-2023:0114
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:0123 https://access.redhat.com/errata/RHSA-2023:0123
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:0300 https://access.redhat.com/errata/RHSA-2023:0300
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:0334 https://access.redhat.com/errata/RHSA-2023:0334
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:0348 https://access.redhat.com/errata/RHSA-2023:0348
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:0441 https://access.redhat.com/errata/RHSA-2023:0441
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:0440 https://access.redhat.com/errata/RHSA-2023:0440
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:0499 https://access.redhat.com/errata/RHSA-2023:0499
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:0496 https://access.redhat.com/errata/RHSA-2023:0496
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:0526 https://access.redhat.com/errata/RHSA-2023:0526
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:0512 https://access.redhat.com/errata/RHSA-2023:0512
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:0536 https://access.redhat.com/errata/RHSA-2023:0536
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:0531 https://access.redhat.com/errata/RHSA-2023:0531
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2023:0859 https://access.redhat.com/errata/RHSA-2023:0859
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-4139