Intel's Linux Graphics Driver Gets Patched For A Gen9 Graphics Vulnerability
On top of the Intel graphics driver patches from back in November for denial of service and privilege escalation bugs, the Linux kernel received a new patch today for "CVE-2019-14615", a possible data disclosure with Gen9 graphics hardware.
CVE-2019-14615 hasn't been made public yet, but the commit (63d264fe) merged to mainline today, this second Tuesday of the month, explains:
Insufficient control flow in certain data structures for some Intel Processors with Intel Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access.
This provides mitigation for Gen9 hardware. Note that Gen8 is not impacted due to a previously implemented workaround.
The mitigation involves using an existing hardware feature to forcibly clear down all EU state at each context switch.
It's important to note that exploiting this vulnerability, which can lead to information disclosure, requires local access to the system.
Intel Gen9 graphics span Skylake through Coffee Lake (basically everything on the market before Gen11 Ice Lake).
The workaround to force the clearing of all execution unit state on each context switch amounts to an eight-line kernel patch. While currently in Linux 5.5 Git, the patch will presumably be found in stable kernel point releases in short order.
Update: Intel Gen7/Gen7.5 graphics hardware is also affected and requires a separate yet-to-be-mainlined mitigation.