Intel Linux Kernel Graphics Driver Patched For New Security Sensitive Bug

Written by Michael Larabel in Intel on 30 November 2022 at 01:00 PM EST.
CVE-2022-4139 was made public today as an i915 kernel graphics driver security issue affecting all Gen12 graphics -- from integrated Tiger Lake graphics up through the latest Raptor Lake graphics, the in-development Meteor Lake code, and the discrete GPUs of DG2/Alchemist and Arctic Sound.

Intel has disclosed CVE-2022-4139 as an incorrect GPU TLB flushing issue within their Linux kernel graphics driver. In some cases the translation lookaside buffer (TLB) is not flushed at all. At the very least this could lead to random memory corruption or data leaks; it has not yet been determined whether specific memory could be targeted on affected Linux kernel versions. All versions from Linux 5.4 up through today's latest kernel versions are believed to be impacted when using Intel Gen12 integrated/discrete graphics. This is an Intel driver issue, though, and not a problem with the hardware itself.


The oss-sec list disclosure from Intel notes:
Incorrect GPU TLB flush code has been discovered in i915 kernel driver.

In some cases (Gen12 hardware with specific types of engine) the engine's TLB is not flushed at all. Depending on whether the GPU is running behind an active IOMMU there are two possible scenarios which can happen, due to stale TLB mapping:

1. Without IOMMU - GPU can still access physical memory which could be already assigned by OS to different process.
2. With IOMMU - GPU can access any memory, if the malicious process is able to create/reuse necessary IOMMU mappings.

It is currently not known if specific memory could be targeted, but random memory corruption or data leaks are a known possibility.

All Intel integrated and discrete GPUs Gen12 are affected, including Tiger Lake, Rocket Lake, Alder Lake, DG1, Raptor Lake, DG2, Arctic Sound, Meteor Lake. Fix has already been developed and consists of fixing the method of writing to specific registers.

Linus Torvalds just merged these five lines of code for fixing the TLB invalidation on Intel Gen12 graphics for the video and compute engines:
drm/i915: fix TLB invalidation for Gen12 video and compute engines

In case of Gen12 video and compute engines, TLB_INV registers are masked - to modify one bit, corresponding bit in upper half of the register must be enabled, otherwise nothing happens.

This small patch should be back-ported to the Linux stable series in short order.
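
The masked-register behaviour described in the commit message, modeled in user-space C as an added example (not code from the i915 driver or the patch). The register model, the function names and the bit position are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a masked 32-bit register: bits 31:16 are a per-bit
 * write enable for bits 15:0. Names are illustrative, not taken from i915. */
struct masked_reg { uint16_t value; };

/* Hardware side: only data bits whose mask bit is set reach the register. */
static void masked_reg_write(struct masked_reg *r, uint32_t w)
{
    uint16_t mask = (uint16_t)(w >> 16);
    uint16_t data = (uint16_t)(w & 0xffffu);

    r->value = (uint16_t)((r->value & (uint16_t)~mask) | (data & mask));
}

/* Driver side: value that sets `bits` and enables them in the upper half. */
static uint32_t masked_bit_enable(uint16_t bits) { return ((uint32_t)bits << 16) | bits; }

/* Driver side: value that clears `bits` (mask set, data zero). */
static uint32_t masked_bit_disable(uint16_t bits) { return (uint32_t)bits << 16; }

#define TLB_INV_REQUEST 0x0001u /* constructed bit position for this demo */

/* Returns 1 if the invalidation request bit latched after one write. */
static int request_latched(uint32_t write_value)
{
    struct masked_reg r = { 0 };

    masked_reg_write(&r, write_value);
    return (r.value & TLB_INV_REQUEST) != 0;
}

/* Masked writes change only enabled bits; an unmasked write is dropped. */
static uint16_t demo_sequence(void)
{
    struct masked_reg r = { 0 };

    masked_reg_write(&r, masked_bit_enable(0x0005));  /* set bits 0 and 2 */
    masked_reg_write(&r, 0x0002u);                    /* no mask: ignored */
    masked_reg_write(&r, masked_bit_disable(0x0001)); /* clear bit 0 only */
    return r.value;
}

int main(void)
{
    printf("plain=%d masked=%d seq=0x%04x\n", request_latched(TLB_INV_REQUEST),
           request_latched(masked_bit_enable(TLB_INV_REQUEST)), demo_sequence());
    return 0;
}
```

In this model a plain write of the request bit leaves the register unchanged, which corresponds to the "otherwise nothing happens" case in the commit message.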