Lucene search

[email protected]CVE-2022-38457

HistorySep 09, 2022 - 3:15 p.m.

CVE-2022-38457

2022-09-0915:15:14

CWE-416

[email protected]

web.nvd.nist.gov

234

cve-2022-38457

linux kernel

vmwgfx driver

use-after-free

uaf

privilege escalation

denial of service

dos

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A use-after-free(UAF) vulnerability was found in function ‘vmw_cmd_res_check’ in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel’s vmwgfx driver with device file ‘/dev/dri/renderD128 (or Dxxx)’. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).

Affected configurations

NVD

Node

linuxlinux_kernelRange4.20–6.1.7

linuxlinux_kernelMatch6.2rc1

linuxlinux_kernelMatch6.2rc2

linuxlinux_kernelMatch6.2rc3

linuxlinux_kernelMatch6.2rc4

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt6.1.7
linux:linux_kernellinux linux kerneleq6.2

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	6.1.7
linux:linux_kernel	linux linux kernel	eq	6.2

CNA Affected

[
  {
    "product": "kernel",
    "vendor": "Linux",
    "versions": [
      {
        "lessThan": "5.13.0-52*",
        "status": "affected",
        "version": "v4.20-rc1",
        "versionType": "custom"
      }
    ]
  }
]