Lucene search

[email protected]CVE-2022-40133

HistorySep 09, 2022 - 3:15 p.m.

CVE-2022-40133

2022-09-0915:15:15

CWE-416

[email protected]

web.nvd.nist.gov

232

cve-2022-40133

use-after-free

uaf

vmw_execbuf_tie_context

vmwgfx driver

linux kernel

privilege escalation

denial of service

nvd

security vulnerability

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A use-after-free(UAF) vulnerability was found in function ‘vmw_execbuf_tie_context’ in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel’s vmwgfx driver with device file ‘/dev/dri/renderD128 (or Dxxx)’. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).

Affected configurations

NVD

Node

linuxlinux_kernelRange4.20–6.1.7

linuxlinux_kernelMatch6.2rc1

linuxlinux_kernelMatch6.2rc2

linuxlinux_kernelMatch6.2rc3

linuxlinux_kernelMatch6.2rc4

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt6.1.7
linux:linux_kernellinux linux kerneleq6.2

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	6.1.7
linux:linux_kernel	linux linux kernel	eq	6.2

CNA Affected

[
  {
    "product": "kernel",
    "vendor": "Linux",
    "versions": [
      {
        "lessThan": "5.13.0-52*",
        "status": "affected",
        "version": "v4.20-rc1",
        "versionType": "custom"
      }
    ]
  }
]