Bug 1199720 - (CVE-2022-28348) VUL-1: CVE-2022-28348: kernel-source-azure,kernel-source-rt,kernel-source: improper GPU memory operations to reach a use-after-free situation Arm Mali GPU Kernel Driver
(CVE-2022-28348)
VUL-1: CVE-2022-28348: kernel-source-azure,kernel-source-rt,kernel-source: im...
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/332375/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-05-19 14:05 UTC by Thomas Leroy
Modified: 2022-05-30 13:40 UTC (History)
6 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Leroy 2022-05-19 14:05:35 UTC
CVE-2022-28348

Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 through
r36p0 before r37p0, and Valhall r19p0 through r36p0 before r37p0) allows
improper GPU memory operations to reach a use-after-free situation.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28348
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
https://developer.arm.com/support/arm-security-updates
Comment 1 Thomas Leroy 2022-05-19 14:09:18 UTC
Seems that there are ARM Mali drivers in kernel-source in drivers/gpu/drm/arm/, but I don't think this is for Midgard, Bifrost and Valhall. Those ones seem shipped directly by ARM [0][1][2]. I can't find relevant signs of those GPU models in our sources. Probably not for us

[0] https://developer.arm.com/downloads/-/mali-drivers/midgard-kernel
[1] https://developer.arm.com/downloads/-/mali-drivers/bifrost-kernel
[2] https://developer.arm.com/downloads/-/mali-drivers/valhall-kernel
Comment 2 Takashi Iwai 2022-05-19 14:58:23 UTC
(In reply to Thomas Leroy from comment #1)
> Seems that there are ARM Mali drivers in kernel-source in
> drivers/gpu/drm/arm/, but I don't think this is for Midgard, Bifrost and
> Valhall. Those ones seem shipped directly by ARM [0][1][2]. I can't find
> relevant signs of those GPU models in our sources. Probably not for us

That's my understanding, too.
To be sure, adding our graphics and ARM guys.
Comment 3 Patrik Jakobsson 2022-05-20 07:10:18 UTC
Yes, this relates only to the ARM out-of-tree drivers.

However I do not know for sure if we package the out-of-tree driver as a KMP or not. Perhaps Matthias knows more about that?
Comment 4 Matthias Brugger 2022-05-20 08:49:09 UTC
(In reply to Patrik Jakobsson from comment #3)
> Yes, this relates only to the ARM out-of-tree drivers.
> 
> However I do not know for sure if we package the out-of-tree driver as a KMP
> or not. Perhaps Matthias knows more about that?

Unfortunately we don't do that for now.
Comment 5 Takashi Iwai 2022-05-20 09:15:29 UTC
Heh, then it's rather fortunate -- we are unaffected :)

Reassigned back to security team.
Comment 6 Thomas Leroy 2022-05-20 10:07:40 UTC
Thank you very much to everyone for having taken a look! Closing