
CVE-2022-49723: Vulnerability in Linux (vendor: Linux)

Severity: Medium
Tags: Vulnerability, CVE-2022-49723, cve, cve-2022-49723
Published: Wed Feb 26 2025 (02/26/2025, 02:24:36 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/i915/reset: Fix error_state_read ptr + offset use

Fix our pointer offset usage in error_state_read when there is no i915_gpu_coredump but buf offset is non-zero. This fixes a kernel page fault that can happen when multiple tests are running concurrently in a loop and one is producing engine resets and consuming the i915 error_state dump while the other is forcing full GT resets. (takes a while to trigger).

The dmesg call trace:

[ 5590.803000] BUG: unable to handle page fault for address: ffffffffa0b0e000
[ 5590.803009] #PF: supervisor read access in kernel mode
[ 5590.803013] #PF: error_code(0x0000) - not-present page
[ 5590.803016] PGD 5814067 P4D 5814067 PUD 5815063 PMD 109de4067 PTE 0
[ 5590.803022] Oops: 0000 [#1] PREEMPT SMP NOPTI
[ 5590.803026] CPU: 5 PID: 13656 Comm: i915_hangman Tainted: G U 5.17.0-rc5-ups69-guc-err-capt-rev6+ #136
[ 5590.803033] Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-M LP4x RVP, BIOS ADLPFWI1.R00.3031.A02.2201171222 01/17/2022
[ 5590.803039] RIP: 0010:memcpy_erms+0x6/0x10
[ 5590.803045] Code: fe ff ff cc eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe
[ 5590.803054] RSP: 0018:ffffc90003a8fdf0 EFLAGS: 00010282
[ 5590.803057] RAX: ffff888107ee9000 RBX: ffff888108cb1a00 RCX: 0000000000000f8f
[ 5590.803061] RDX: 0000000000001000 RSI: ffffffffa0b0e000 RDI: ffff888107ee9071
[ 5590.803065] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
[ 5590.803069] R10: 0000000000000001 R11: 0000000000000002 R12: 0000000000000019
[ 5590.803073] R13: 0000000000174fff R14: 0000000000001000 R15: ffff888107ee9000
[ 5590.803077] FS: 00007f62a99bee80(0000) GS:ffff88849f880000(0000) knlGS:0000000000000000
[ 5590.803082] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 5590.803085] CR2: ffffffffa0b0e000 CR3: 000000010a1a8004 CR4: 0000000000770ee0
[ 5590.803089] PKRU: 55555554
[ 5590.803091] Call Trace:
[ 5590.803093] <TASK>
[ 5590.803096] error_state_read+0xa1/0xd0 [i915]
[ 5590.803175] kernfs_fop_read_iter+0xb2/0x1b0
[ 5590.803180] new_sync_read+0x116/0x1a0
[ 5590.803185] vfs_read+0x114/0x1b0
[ 5590.803189] ksys_read+0x63/0xe0
[ 5590.803193] do_syscall_64+0x38/0xc0
[ 5590.803197] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 5590.803201] RIP: 0033:0x7f62aaea5912
[ 5590.803204] Code: c0 e9 b2 fe ff ff 50 48 8d 3d 5a b9 0c 00 e8 05 19 02 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 54 24
[ 5590.803213] RSP: 002b:00007fff5b659ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 5590.803218] RAX: ffffffffffffffda RBX: 0000000000100000 RCX: 00007f62aaea5912
[ 5590.803221] RDX: 000000000008b000 RSI: 00007f62a8c4000f RDI: 0000000000000006
[ 5590.803225] RBP: 00007f62a8bcb00f R08: 0000000000200010 R09: 0000000000101000
[ 5590.803229] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000006
[ 5590.803233] R13: 0000000000075000 R14: 00007f62a8acb010 R15: 0000000000200000
[ 5590.803238] </TASK>
[ 5590.803240] Modules linked in: i915 ttm drm_buddy drm_dp_helper drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops prime_numbers nfnetlink br_netfilter overlay mei_pxp mei_hdcp x86_pkg_temp_thermal coretemp kvm_intel snd_hda_codec_hdmi snd_hda_intel ---truncated---

AI-Powered Analysis

Last updated: 06/30/2025, 00:41:36 UTC

Technical Analysis

CVE-2022-49723 is a vulnerability in the Linux kernel's Intel i915 graphics driver, specifically in the drm/i915/reset code path. The flaw is incorrect pointer offset handling in the error_state_read function when no i915_gpu_coredump is available but the read is issued with a non-zero buffer offset. The resulting pointer arithmetic makes the kernel read from an invalid address, producing a kernel page fault (oops). The issue manifests when multiple tests run concurrently in a loop: one test produces engine resets and consumes the i915 error_state dump while another forces full Graphics Technology (GT) resets. The condition is subtle and takes time to trigger, but when it does it results in a supervisor read access fault in kernel mode, as the dmesg trace above shows. The fault occurs inside memcpy_erms, called from error_state_read via the kernfs read path, which indicates an invalid source address derived from the miscalculated offset. The vulnerability affects Linux kernel versions that contain the vulnerable error_state_read code and lack the fix; the trace was captured on an Intel Alder Lake Client platform, although any Intel graphics platform using the i915 driver may be affected. No exploits in the wild are known at this time, and no CVSS score has been assigned. The root cause is a logic error in pointer offset usage within error_state_read, which has been corrected in the Linux kernel source to prevent kernel page faults and improve stability during concurrent GPU reset operations.
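As an added illustration (not code from this page or from the kernel source), the user-space model below reconstructs the failure mode described above: a read handler that serves a short fixed message when no coredump exists computes the remaining length as `len - off` in `size_t`, so a stale non-zero offset past the end of the message wraps that length, the minimum with `count` selects `count`, and memcpy is asked to read `count` bytes from beyond the buffer, consistent with the 0x1000-byte count in RDX at the faulting memcpy_erms in the trace. The message text, the offset and count values, and all function names are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the message a sysfs read handler returns when
 * no GPU coredump exists (an assumption, not the kernel's own string). */
static const char no_state[] = "No error state collected\n";

#define MIN_SZ(a, b) ((a) < (b) ? (a) : (b))

/* Bytes the unpatched logic hands to memcpy(buf, str + off, ret).
 * len - off is size_t: once the caller's offset has advanced past the
 * short message it wraps to a huge value, MIN picks `count`, and memcpy
 * reads `count` bytes starting beyond the string (the page fault above). */
size_t vulnerable_copy_len(size_t off, size_t count)
{
    size_t len = strlen(no_state);
    return MIN_SZ(count, len - off);  /* BUG: wraps when off > len */
}

/* Hardened form: only copy while the offset is inside the message;
 * an offset at or past the end is EOF and copies nothing. */
size_t fixed_copy_len(size_t off, size_t count)
{
    size_t len = strlen(no_state);
    if (off >= len)
        return 0;
    return MIN_SZ(count, len - off);
}

/* Would memcpy(buf, no_state + off, n) stay inside the message?
 * A zero-length copy touches nothing and is always acceptable. */
int copy_in_bounds(size_t off, size_t n)
{
    size_t len = strlen(no_state);
    if (n == 0)
        return 1;
    return off <= len && n <= len - off;
}

/* Model one read() of the attribute with the given length policy:
 * returns the bytes the read would deliver, or -1 when the kernel would
 * have performed an out-of-bounds memcpy (i.e. crashed) instead. */
long model_read(size_t (*copy_len)(size_t, size_t), size_t off, size_t count)
{
    size_t n = copy_len(off, count);
    return copy_in_bounds(off, n) ? (long)n : -1;
}
```

A fresh read at offset 0 behaves identically under both policies; the difference appears only when a reader that was consuming a large dump keeps its offset after the dump is gone, which is the concurrent-reset scenario the description reports.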

Potential Impact

For European organizations, the primary impact of CVE-2022-49723 is on system stability and availability rather than direct confidentiality or integrity breaches. Systems running Linux kernels with the vulnerable i915 driver may experience kernel panics or crashes under specific workloads involving concurrent GPU resets, which can disrupt services relying on Intel integrated graphics. This is particularly relevant for data centers, cloud providers, and enterprises using Linux-based servers or workstations with Intel graphics hardware for compute or graphical tasks. The downtime caused by kernel crashes can lead to productivity losses, service interruptions, and potential cascading failures in critical infrastructure. While there is no indication of privilege escalation or remote code execution, the denial-of-service (DoS) potential through kernel crashes can be exploited in multi-tenant environments or by malicious insiders to degrade system reliability. European organizations with high reliance on Linux-based systems for scientific computing, media processing, or virtualization that utilize Intel integrated graphics are at risk of operational disruptions if unpatched. The lack of known exploits reduces immediate threat urgency, but the complexity of triggering the fault means it could be overlooked until it causes significant impact in production environments.

Mitigation Recommendations

To mitigate CVE-2022-49723, European organizations should prioritize updating their Linux kernel to the latest stable release where the fix for the i915 error_state_read pointer offset issue has been applied. Kernel updates should be tested in staging environments to ensure compatibility with existing workloads, especially those involving GPU-intensive or concurrent reset operations. Organizations should audit systems using Intel integrated graphics and the i915 driver to identify vulnerable kernel versions. For environments where immediate kernel updates are not feasible, implementing workload scheduling to avoid concurrent GPU reset operations or reducing parallel testing that triggers engine resets can reduce the likelihood of the fault. Monitoring kernel logs (dmesg) for signs of i915-related page faults or crashes can help detect attempts to trigger the vulnerability. Additionally, organizations should ensure robust system monitoring and automated recovery mechanisms to minimize downtime from unexpected kernel panics. Collaboration with Linux distribution vendors for timely patch deployment and backporting fixes to long-term support kernels is recommended. Finally, restricting access to systems that can trigger GPU resets to trusted administrators can reduce risk of accidental or malicious exploitation.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T02:21:30.447Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d982cc4522896dcbe4964

Added to database: 5/21/2025, 9:09:00 AM

Last enriched: 6/30/2025, 12:41:36 AM

Last updated: 8/11/2025, 9:02:50 PM
