Trinadh465 / linux-3.0.35_CVE-2019-10220

Other
0 stars 0 forks source link

CVE-2022-36280 (Medium) detected in linuxlinux-3.0.40 - autoclosed #641

Closed mend-bolt-for-github[bot] closed 7 months ago

mend-bolt-for-github[bot] commented 1 year ago

CVE-2022-36280 - Medium Severity Vulnerability

Vulnerable Library - linuxlinux-3.0.40

Apache Software Foundation (ASF)

Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/?wsslib=linux

Found in base branch: master

Vulnerable Source Files (2)

/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c /drivers/gpu/drm/vmwgfx/vmwgfx_kms.c

Vulnerability Details

An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).

Publish Date: 2022-09-09

URL: CVE-2022-36280

CVSS 3 Score Details (5.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.linuxkernelcves.com/cves/CVE-2022-36280

Release Date: 2022-09-09

Fix Resolution: v4.9.337,v4.14.303,v4.19.270,v5.4.229,v5.10.163,v5.15.87,v6.0.18,v6.1.4


Step up your Open Source Security Game with Mend here

mend-bolt-for-github[bot] commented 1 year ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.