QwikSec

Security Database

CVE

CWE

Training

CVE-2022-36280

Published: Sep 9, 2022

Modified: Sep 17, 2024

PUBLISHED

CVSS v3.1

6.3

MEDIUM

Description

An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).

Vendor	Product	Versions
Linux	kernel	affected `v3.2-rc1 - < 5.13.0-52*`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

High

References

https://bugzilla.openanolis.cn/show_bug.cgi?id=2071

vendor-advisory

[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update

mailing-list

[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.