CVE-2022-36402

NameCVE-2022-36402
DescriptionAn integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)buster4.19.249-2undetermined
buster (security)4.19.282-1undetermined
bullseye5.10.178-3undetermined
bullseye (security)5.10.179-1undetermined
bookworm, sid6.1.27-1undetermined

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsource(unstable)undetermined

Notes

https://bugzilla.openanolis.cn/show_bug.cgi?id=2072
Might be OpenAnolis specific issues, check when Bugzilla entries are public
Search for package or bug name: Reporting problems