CVE-2022-49635
Published: 26 February 2025
Description
In the Linux kernel, the following vulnerability has been resolved: drm/i915/selftests: fix subtraction overflow bug On some machines hole_end can be small enough to cause subtraction overflow. On the other side (addr + 2 * min_alignment) can overflow in case of mock tests. This patch should handle both cases. (cherry picked from commit ab3edc679c552a466e4bf0b11af3666008bd65a2)
Security Summary
CVE-2022-49635 is a subtraction overflow vulnerability in the Linux kernel's drm/i915/selftests component. The issue arises when hole_end is small enough to trigger subtraction overflow on certain machines, or when addr + 2 * min_alignment overflows during mock tests. Rated at CVSS 3.1 score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and mapped to CWE-787 (Out-of-bounds Write), it was resolved via a patch cherry-picked from commit ab3edc679c552a466e4bf0b11af3666008bd65a2.
A local attacker with low privileges can exploit this vulnerability without user interaction. Successful exploitation could result in high impacts to confidentiality, integrity, and availability, potentially allowing out-of-bounds writes that lead to kernel crashes or code execution within the local attacker's scope.
Mitigation involves applying the stable kernel patches referenced in the kernel git repository, such as commit 333991c4e66b3d4b5613315f18016da80344f659 and e8997d2d6b8d764e12489f1af2a1ce1d7384ca2a, which explicitly handle both overflow cases in the selftests calculations.
Details
- CWE(s)