The fix is to add a bounds check before copying data to user memory.

In Windows, the default GPU driver is not patched. If a Windows user installs a Linux GPU driver, it could lead to a kernel panic. The root cause of this bug is that Windows does not support the concept of virtual devices. The Windows GPU driver not being patched leads to a possible out-of-bounds write. It is recommended to keep Windows as the default GPU driver in distributions. The Windows GPU driver is already patched to prevent this issue.

CVE-2021-38672

This bug is caused by a cast to a pointer that was not checked for null before use.
This bug may cause an out-of-bounds access if the memory was accessed from user space. To prevent this issue, it is recommended to check the pointer for null before using it.

CVE-2021-38665


Windows: The default GPU driver is not patched

The reason the Windows GPU driver is not patched is that Windows does not support the concept of virtual devices. It has no notion of abstracted drivers or virtual devices like Linux has. This is the reason Windows cannot be patched.

The fix for this issue is to add a bounds check before copying data to user memory.

Crash Information

If a user executes a program that has this bug, it will crash with a kernel panic. The kernel may print the following information:
"kASLR: unable to find any KDSR in sequence"
The crash was caused by an out-of-bounds write to memory.

Timeline

Published on: 10/14/2022 19:15:00 UTC
Last modified on: 10/18/2022 18:48:00 UTC

References