What is CVE-2022-0330?

CVE-2022-0330 is a high-severity vulnerability in the Linux kernel's GPU i915 driver, allowing local users to escalate privileges or crash the system. Immediate remediation is crucial.

What is the severity of CVE-2022-0330?

CVE-2022-0330 has a severity rating of HIGH with a CVSS base score of 7.8.

CVE-2022-0330 | High Vulnerability in Linux Kernel GPU Driver

CVE-2022-0330 is a high-severity vulnerability affecting the Linux kernel, specifically within the GPU i915 driver. This vulnerability allows local users to run malicious code on the GPU, which can lead to system crashes or privilege escalation. With a CVSS score of 7.8, it poses a significant risk to organizations utilizing affected Linux distributions.

The exploitability of this vulnerability is high, highlighting the urgency for organizations to address it promptly. Given that local access is required for exploitation, attackers may leverage this flaw to gain elevated privileges, potentially compromising sensitive data or system integrity.

Organizations should prioritize patching immediately. The vulnerability was published on March 25, 2022, and remains relevant as it continues to pose risks across various Linux distributions.

As of now, there is no known public exploit for CVE-2022-0330, but proactive measures are essential to prevent potential exploitation.

Vulnerability Details

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality. This flaw allows a local user to crash the system or escalate their privileges on the system. The vulnerability is classified under CWE-281, which pertains to improper privilege management.

The CVSS score for this vulnerability is 7.8, indicating high severity. The base score reflects the impact on confidentiality, integrity, and availability, all rated as high. The attack vector is local, and the required privileges are low, making it easier for an attacker with local access to exploit this flaw.

The affected versions include those prior to 5.17 of the Linux kernel, as well as specific versions of Red Hat's CodeReady Linux Builder and other related products.

Technical Analysis

The root cause of this vulnerability lies in the GPU driver’s handling of memory access, which can be manipulated by a local user to execute arbitrary code. The attack vector is local, meaning an attacker must have local access to the affected system.

The attack complexity is low, and no user interaction is required, further increasing the risk. The confidentiality, integrity, and availability impacts are all rated as high, indicating that successful exploitation could lead to significant damage.

Risk & Impact Analysis

Risk to organizations includes potential unauthorized access to sensitive data, system crashes, and a compromised system integrity. With the ability to escalate privileges, attackers could gain control over critical systems, leading to further exploitation or data breaches.

The vulnerability affects a wide range of Linux distributions, making its impact substantial. Given the high CVSS score and the nature of the flaw, organizations should address this vulnerability in their patch management cycle without delay.

The urgency for remediation is high, especially for organizations heavily reliant on Linux systems for critical operations.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

Affected versions include the Linux kernel prior to version 5.17, as well as specific versions of Red Hat's products including CodeReady Linux Builder, Enterprise Linux, and others. Organizations should ensure they are on the latest patched versions to mitigate this vulnerability.

Mitigation & Remediation

Organizations should update to the latest patched versions of affected software immediately. Additionally, they should review the security configurations of their systems and implement network controls to limit local access where feasible.

For those unable to apply patches immediately, consider implementing additional monitoring for unusual activities or processes that could indicate exploitation attempts.

More information on secure practices for software updates can be found through continuous security testing.

Detection Guidance

To detect potential exploitation of this vulnerability, monitor logs for abnormal GPU activity, unexpected system crashes, or privilege escalation attempts. Behavioral anomalies may also indicate attempts to exploit this flaw.

AppSecure Threat Intelligence Insight

CVE-2022-0330 exemplifies the critical need for organizations to maintain robust security practices around their software supply chains. As vulnerabilities emerge, patterns of exploitation can shift, making it essential for security teams to stay informed and proactive.

For comprehensive strategies on vulnerability management, see our insights on the vulnerability management program and the necessity of penetration testing methodologies in assessing the security posture of systems.

Additionally, understanding the trends in ransomware attacks can aid organizations in fortifying defenses.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2022-0330: High Vulnerability in Linux Kernel GPU Driver