An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
CVE-2022-36280 - Medium Severity Vulnerability
Vulnerable Library - linux-stable-rtv4.1.33
Julia Cartwright's fork of linux-stable-rt.git
Library home page: https://git.kernel.org/pub/scm/linux/kernel/git/julia/linux-stable-rt.git
Found in HEAD commit: 5efa23eac0f04571d486a6f7706fccc426b46cac
Found in base branch: master
Vulnerable Source Files (2)
/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c /drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
Vulnerability Details
An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
Publish Date: 2022-09-09
URL: CVE-2022-36280
CVSS 3 Score Details (5.5)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2022-36280
Release Date: 2022-09-09
Fix Resolution: v4.9.337,v4.14.303,v4.19.270,v5.4.229,v5.10.163,v5.15.87,v6.0.18,v6.1.4
Step up your Open Source Security Game with Mend here