CVE-2022-38096

2022-09-0915:15:14

CWE-476

[email protected]

web.nvd.nist.gov

181

cve-2022-38096

vmwgfx driver

linux kernel

gpu

null pointer dereference

privilege escalation

denial of service

nvd

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file ‘/dev/dri/renderD128 (or Dxxx)’. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).

Affected configurations

NVD

Node

linuxlinux_kernelRange4.20≥

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq*

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	*

CNA Affected

[
  {
    "vendor": "Linux",
    "product": "kernel",
    "versions": [
      {
        "version": "v4.20-rc1",
        "status": "affected",
        "lessThan": "5.13.0-52*",
        "versionType": "custom"
      }
    ]
  }
]