CVE-2022-36280

Name
CVE-2022-36280
Description
An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://bugzilla.openanolis.cn/show_bug.cgi?id=2071
Third Party Advisory https://www.debian.org/security/2023/dsa-5324
MLIST https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html
MLIST https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 3.2 <= 5.13.0-52

Vulnerable and fixed packages

Source package Branch Version Maintainer Status