CVE-2022-0330
Published on: Not Yet Published
Last Modified on: 12/07/2022 05:08:00 PM UTC
Certain versions of Fedora from Fedoraproject contain the following vulnerability:
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
- CVE-2022-0330 has been assigned by
[email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 7.8 - HIGH
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|---|---|---|---|
| LOCAL | LOW | LOW | NONE |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
| UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 4.6 - MEDIUM
| Access Vector ⓘ |
Access Complexity |
Authentication |
|---|---|---|
| LOCAL | LOW | NONE |
| Confidentiality Impact |
Integrity Impact |
Availability Impact |
| PARTIAL | PARTIAL | PARTIAL |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| oss-security - Linux kernel: Security sensitive bug in the i915 kernel driver (CVE-2022-0330) | www.openwall.com text/html |
MISC www.openwall.com/lists/oss-security/2022/01/25/12 |
| CVE-2022-0330 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security | security.netapp.com text/html |
CONFIRM security.netapp.com/advisory/ntap-20220526-0001/ |
| oss-security - Security sensitive bug in the i915 kernel driver (CVE-2022-4139) | www.openwall.com text/html |
MLIST [oss-security] 20221130 Security sensitive bug in the i915 kernel driver (CVE-2022-4139) |
| 2042404 – (CVE-2022-0330) CVE-2022-0330 kernel: possible privileges escalation due to missing TLB flush | bugzilla.redhat.com text/html |
MISC bugzilla.redhat.com/show_bug.cgi?id=2042404 |
Related QID Numbers
- 159664 Oracle Enterprise Linux Security Update for kernel security and bug fix update (ELSA-2022-0620)
- 159700 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-0825)
- 159727 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel-container (ELSA-2022-9245)
- 159729 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2022-9244)
- 159741 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2022-9260)
- 159760 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel-container (ELSA-2022-9314)
- 159763 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2022-9313)
- 179104 Debian Security Update for linux (DSA 5092-1)
- 179117 Debian Security Update for linux (DSA 5096-1)
- 179118 Debian Security Update for linux (DLA 2940-1)
- 179119 Debian Security Update for linux-4.19 (DLA 2941-1)
- 198659 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5278-1)
- 198665 Ubuntu Security Notification for Linux kernel (HWE) Vulnerabilities (USN-5295-1)
- 198667 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5294-1)
- 198673 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5295-2)
- 198674 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5294-2)
- 198676 Ubuntu Security Notification for Linux kernel (GKE) Vulnerabilities (USN-5297-1)
- 198678 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5298-1)
- 198728 Ubuntu Security Notification for Linux kernel (Intel IOTG) Vulnerabilities (USN-5362-1)
- 240093 Red Hat Update for kpatch-patch (RHSA-2022:0592)
- 240096 Red Hat Update for kernel-rt (RHSA-2022:0622)
- 240115 Red Hat Update for kernel (RHSA-2022:0620)
- 240120 Red Hat Update for kpatch-patch (RHSA-2022:0772)
- 240121 Red Hat Update for kernel-rt (RHSA-2022:0771)
- 240122 Red Hat Update for kernel security (RHSA-2022:0777)
- 240125 Red Hat Update for kernel-rt (RHSA-2022:0821)
- 240128 Red Hat Update for kernel security (RHSA-2022:0825)
- 240129 Red Hat Update for kernel security (RHSA-2022:0820)
- 240130 Red Hat Update for kernel-rt (RHSA-2022:0819)
- 240144 Red Hat Update for kpatch-patch (RHSA-2022:0849)
- 240154 Red Hat Update for kpatch-patch (RHSA-2022:0925)
- 240418 Red Hat Update for kpatch-patch (RHSA-2022:0851)
- 240441 Red Hat Update for kpatch-patch (RHSA-2022:1103)
- 240448 Red Hat Update for kpatch-patch (RHSA-2022:0718)
- 257155 CentOS Security Update for kernel (CESA-2022:0620)
- 282309 Fedora Security Update for kernel (FEDORA-2022-a39015bec2)
- 282313 Fedora Security Update for kernel (FEDORA-2022-48acd4718d)
- 353165 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-022
- 353166 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2022-010
- 353184 Amazon Linux Security Advisory for kernel : ALAS-2022-1571
- 353195 Amazon Linux Security Advisory for kernel : ALAS2-2022-1761
- 353242 Amazon Linux Security Advisory for kernel : ALAC2012-2022-036
- 353243 Amazon Linux Security Advisory for kmod-mlx5 : ALAC2012-2022-037
- 353244 Amazon Linux Security Advisory for kmod-sfc : ALAC2012-2022-038
- 376925 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2022:0125)
- 377053 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2022:0028)
- 377124 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2022:0029)
- 390258 Oracle VM Server for x86 Security Update for kernel (OVMSA-2022-0011)
- 671448 EulerOS Security Update for kernel (EulerOS-SA-2022-1450)
- 671474 EulerOS Security Update for kernel (EulerOS-SA-2022-1429)
- 751695 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0367-1)
- 751696 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0364-1)
- 751697 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0366-1)
- 751698 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0362-1)
- 751699 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0365-1)
- 751700 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0363-1)
- 751701 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0366-1)
- 751702 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0371-1)
- 751703 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0372-1)
- 751704 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0370-1)
- 752005 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0370-1)
- 752117 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 41 for SLE 12 SP3) (SUSE-SU-2022:1640-1)
- 753100 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 15 for SLE 15 SP2) (SUSE-SU-2022:1605-1)
- 753172 SUSE Enterprise Linux Security Update for the Linux RT Kernel (SUSE-SU-2022:0543-1)
- 753212 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0363-1)
- 753227 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 12 for SLE 15 SP3) (SUSE-SU-2022:1569-1)
- 753241 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 10 for SLE 15 SP3) (SUSE-SU-2022:1575-1)
- 753256 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 13 for SLE 15 SP2) (SUSE-SU-2022:1591-1)
- 753280 SUSE Enterprise Linux Security Update for the Linux RT Kernel (SUSE-SU-2022:0544-1)
- 753349 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 23 for SLE 15 SP2) (SUSE-SU-2022:1637-1)
- 753377 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 27 for SLE 15 SP1) (SUSE-SU-2022:1589-1)
- 900798 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9268)
- 901860 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9238)
- 902021 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9268-1)
- 902100 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9238-1)
- 906052 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9268-2)
- 906470 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9238-2)
- 940463 AlmaLinux Security Update for kernel (ALSA-2022:0825)
- 960113 Rocky Linux Security Update for kernel-rt (RLSA-2022:819)
- 960116 Rocky Linux Security Update for kernel (RLSA-2022:825)
- 960782 Rocky Linux Security Update for kernel-rt (RLSA-2022:0819)
- 960805 Rocky Linux Security Update for kernel (RLSA-2022:0825)
Known Affected Configurations (CPE V2.3)
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*:
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*:
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*:
- cpe:2.3:o:linux:linux_kernel:5.17:-:*:*:*:*:*:*:
- cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:a:redhat:3scale_api_management:2.0:*:*:*:*:*:*:*:
- cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*:
- cpe:2.3:a:redhat:codeready_linux_builder:8.4:*:*:*:*:*:*:*:
- cpe:2.3:a:redhat:codeready_linux_builder_eus:8.2:*:*:*:*:*:*:*:
- cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:8.2:*:*:*:*:*:*:*:
- cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.0:*:*:*:*:*:*:*:
- cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*:
- cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:-:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:-:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:7:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.4:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.4:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*:
- cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*:
- cpe:2.3:a:redhat:ovirt-node:4.4.10:*:*:*:*:*:*:*:
- cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*:
- cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
| Source | Title | Posted (UTC) |
|---|---|---|
 @oss_security |
Linux kernel: Security sensitive bug in the i915 kernel driver (CVE-2022-0330): Posted by Tvrtko Ursulin on Jan 25… twitter.com/i/web/status/1… | 2022-01-25 20:37:03 |
| @omokazuki |
SIOSセキュリティブログを更新しました。 Linux Kernelのi915ドライバの脆弱性(Important: CVE-2022-0330) #sios_tech #security #vulnerability… twitter.com/i/web/status/1… | 2022-01-25 22:04:06 |
| @matsuu_zatsu |
Linux Kernelのi915ドライバの脆弱性(Important: CVE-2022-0330) security.sios.com/vulnerability/… | 2022-01-26 11:47:56 |
| @matsuoka_UCWDjp |
Linux Kernelのi915ドライバの脆弱性(Important: CVE-2022-0330) - security.sios.com security.sios.com/vulnerability/… | 2022-01-26 12:06:01 |
| @RichFelker |
Yet another reason not to trust that IOMMU makes everything ok: CVE-2022-0330. openwall.com/lists/oss-secu… | 2022-01-26 16:24:57 |
| @phoronix |
[email protected] #Linux Driver Patched For New #Security Issue But Can Impact Performance phoronix.com/scan.php?page=… | 2022-01-26 18:55:59 |
| @abclinuxu |
Bezpečnostní chyba CVE-2022-0330 v Linuxu v ovladači i915 abclinuxu.cz/zpravicky/bezp… | 2022-01-26 23:28:25 |
| @andersonc0d3 |
Linux kernel: Security sensitive bug in the i915 kernel driver (CVE-2022-0330) seclists.org/oss-sec/2022/q… | 2022-01-27 03:05:46 |
| @FrankSeyen |
Intel's Linux Graphics Driver Patched For New Security Issue But Can Impact Performance phoronix.com/scan.php?page=… via @phoronix | 2022-01-27 05:16:46 |
| @pam_p007 |
ユーザースペースがランダムにアクセスすることにつながる可能性のあるi915の問題を発表 メモリページ(CVE-2022-0330)。 カーネルパッケージをアップグレードした後は、必ずinitrdをアップグレードしてください。 | 2022-02-03 17:36:30 |
| @management_sun |
IT Risk: Ubuntu.Multiple vulnerabilities in Linux kernel (OEM) -3/3 CVE-2022-0264 CVE-2022-0330 CVE-2022-0382 CVE-2022-22942 | 2022-02-09 11:41:37 |
| @management_sun |
IT Risk: Tenable.Multiple Vulnerabilities in Nessus CVSS v3:9.8 (MAX) -3/3 CVE-2022-0330 CVE-2022-0382 CVE-2022-22942 | 2022-02-09 11:52:28 |
| @softek_jp |
Linux Kernel の Intel i915 ドライバの処理に特権を奪われる問題 (CVE-2022-0330) [41287] sid.softek.jp/content/show/4… #SIDfm #脆弱性情報 | 2022-02-10 05:35:11 |
| @management_sun |
IT Risk: SUSE.Linux Kernelに複数の脆弱性 -2/2 CVE-2022-0330 CVE-2021-4197 CVE-2021-4202 CVE-2021-4083 CVE-2021-4149 | 2022-02-11 07:58:18 |
| @management_sun |
IT Risk: SUSE.Multiple Vulnerabilities in Linux Kernel -2/2 CVE-2021-39657 CVE-2021-39648 CVE-2022-0330 CVE-2021-41… twitter.com/i/web/status/1… | 2022-02-11 07:58:50 |
| @management_sun |
IT Risk: SUSE.Multiple Vulnerabilities in Linux Kernel -3/3 CVE-2022-0330 | 2022-02-11 08:19:58 |
| @Har_sia |
CVE-2022-0330 har-sia.info/CVE-2022-0330.… #HarsiaInfo | 2022-02-12 07:02:16 |
| @management_sun |
IT Risk:SUSE.Multiple Vulnerabilities in Linux Kernel -2/2 CVE-2021-39648 CVE-2022-0330 CVE-2021-4197 CVE-2021-4202… twitter.com/i/web/status/1… | 2022-02-14 07:58:13 |
| @CVEreport |
CVE-2022-0330 : A random memory access flaw was found in the #Linux #kernel's GPU i915 kernel driver functionality… twitter.com/i/web/status/1… | 2022-03-25 19:05:44 |
 /r/synology |
DSM Version: 7.1.1-42951 (Release Candidate) | 2022-08-10 06:07:14 |
| /r/synology |
Has anyone seen the release notes for the latest DSM 7.1.1 Release Candidate. Fixes a scary amount of CVEs. | 2022-08-16 14:26:29 |
| /r/synology |
DSM 7.1.1-42962 released! | 2022-09-05 11:39:36 |
| /r/asustor |
ADM 4.1.0.RLQ1 update available (2022-09-28) | 2022-10-08 04:00:04 |