{ "threat_severity" : "Low", "public_date" : "2025-02-26T00:00:00Z", "bugzilla" : { "description" : "kernel: drm/i915/reset: Fix error_state_read ptr + offset use", "id" : "2347749", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2347749" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ndrm/i915/reset: Fix error_state_read ptr + offset use\nFix our pointer offset usage in error_state_read\nwhen there is no i915_gpu_coredump but buf offset\nis non-zero.\nThis fixes a kernel page fault can happen when\nmultiple tests are running concurrently in a loop\nand one is producing engine resets and consuming\nthe i915 error_state dump while the other is\nforcing full GT resets. (takes a while to trigger).\nThe dmesg call trace:\n[ 5590.803000] BUG: unable to handle page fault for address:\nffffffffa0b0e000\n[ 5590.803009] #PF: supervisor read access in kernel mode\n[ 5590.803013] #PF: error_code(0x0000) - not-present page\n[ 5590.803016] PGD 5814067 P4D 5814067 PUD 5815063 PMD 109de4067\nPTE 0\n[ 5590.803022] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 5590.803026] CPU: 5 PID: 13656 Comm: i915_hangman Tainted: G U\n5.17.0-rc5-ups69-guc-err-capt-rev6+ #136\n[ 5590.803033] Hardware name: Intel Corporation Alder Lake Client\nPlatform/AlderLake-M LP4x RVP, BIOS ADLPFWI1.R00.\n3031.A02.220117122201/17/2022\n[ 5590.803039] RIP: 0010:memcpy_erms+0x6/0x10\n[ 5590.803045] Code: fe ff ff cc eb 1e 0f 1f 00 48 89 f8 48 89 d1\n48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3\n66 0f 1f 44 00 00 48 89 f8 48 89 d1 a4\nc3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20\n72 7e 40 38 fe\n[ 5590.803054] RSP: 0018:ffffc90003a8fdf0 EFLAGS: 00010282\n[ 5590.803057] RAX: ffff888107ee9000 RBX: ffff888108cb1a00\nRCX: 0000000000000f8f\n[ 5590.803061] RDX: 0000000000001000 RSI: ffffffffa0b0e000\nRDI: ffff888107ee9071\n[ 5590.803065] RBP: 0000000000000000 R08: 0000000000000001\nR09: 0000000000000001\n[ 5590.803069] R10: 0000000000000001 R11: 0000000000000002\nR12: 0000000000000019\n[ 5590.803073] R13: 0000000000174fff R14: 0000000000001000\nR15: ffff888107ee9000\n[ 5590.803077] FS: 00007f62a99bee80(0000) GS:ffff88849f880000(0000)\nknlGS:0000000000000000\n[ 5590.803082] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 5590.803085] CR2: ffffffffa0b0e000 CR3: 000000010a1a8004\nCR4: 0000000000770ee0\n[ 5590.803089] PKRU: 55555554\n[ 5590.803091] Call Trace:\n[ 5590.803093] \n[ 5590.803096] error_state_read+0xa1/0xd0 [i915]\n[ 5590.803175] kernfs_fop_read_iter+0xb2/0x1b0\n[ 5590.803180] new_sync_read+0x116/0x1a0\n[ 5590.803185] vfs_read+0x114/0x1b0\n[ 5590.803189] ksys_read+0x63/0xe0\n[ 5590.803193] do_syscall_64+0x38/0xc0\n[ 5590.803197] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 5590.803201] RIP: 0033:0x7f62aaea5912\n[ 5590.803204] Code: c0 e9 b2 fe ff ff 50 48 8d 3d 5a b9 0c 00 e8 05\n19 02 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25\n18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff\nff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 54 24\n[ 5590.803213] RSP: 002b:00007fff5b659ae8 EFLAGS: 00000246\nORIG_RAX: 0000000000000000\n[ 5590.803218] RAX: ffffffffffffffda RBX: 0000000000100000\nRCX: 00007f62aaea5912\n[ 5590.803221] RDX: 000000000008b000 RSI: 00007f62a8c4000f\nRDI: 0000000000000006\n[ 5590.803225] RBP: 00007f62a8bcb00f R08: 0000000000200010\nR09: 0000000000101000\n[ 5590.803229] R10: 0000000000000001 R11: 0000000000000246\nR12: 0000000000000006\n[ 5590.803233] R13: 0000000000075000 R14: 00007f62a8acb010\nR15: 0000000000200000\n[ 5590.803238] \n[ 5590.803240] Modules linked in: i915 ttm drm_buddy drm_dp_helper\ndrm_kms_helper syscopyarea sysfillrect sysimgblt\nfb_sys_fops prime_numbers nfnetlink br_netfilter\noverlay mei_pxp mei_hdcp x86_pkg_temp_thermal\ncoretemp kvm_intel snd_hda_codec_hdmi snd_hda_intel\n---truncated---" ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-05-16T00:00:00Z", "advisory" : "RHSA-2023:2951", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-477.10.1.el8_8" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-05-09T00:00:00Z", "advisory" : "RHSA-2023:2458", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-284.11.1.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-05-09T00:00:00Z", "advisory" : "RHSA-2023:2458", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-284.11.1.el9_2" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-49723\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49723\nhttps://lore.kernel.org/linux-cve-announce/2025022633-CVE-2022-49723-ac32@gregkh/T" ], "name" : "CVE-2022-49723", "csaw" : false }