CVE-2022-38457

NameCVE-2022-38457
DescriptionA use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)buster4.19.249-2fixed
buster (security)4.19.269-1fixed
bullseye5.10.158-2vulnerable
bullseye (security)5.10.162-1vulnerable
bookworm6.1.7-1vulnerable
sid6.1.8-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcebuster(not affected)
linuxsource(unstable)(unfixed)

Notes

[buster] - linux <not-affected> (Vulnerable code not present)
https://bugzilla.openanolis.cn/show_bug.cgi?id=2074

Search for package or bug name: Reporting problems