Bugzilla – Bug 1203329
VUL-0: CVE-2022-40133: kernel: use-after-free in 'vmw_execbuf_tie_context' in vmxgfx
Last modified: 2022-12-01 07:09:29 UTC
CVE-2022-40133 A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40133 https://www.cve.org/CVERecord?id=CVE-2022-40133 https://bugzilla.openanolis.cn/show_bug.cgi?id=2075
Thomas, this seems to be in your area. Please, handle the bug or eventually assign it to a more appropriate person.
Hi (In reply to Petr Mladek from comment #3) > Thomas, this seems to be in your area. Please, handle the bug or eventually > assign it to a more appropriate person. I keep it on my radar, together with these other CVEs. But there's little information available. (?) The upstream trees for the driver don't have a patch yet. I cannot access the bug tracked at openalolis.cn. Do we have a login to it?
Thomas, by any chance did you notice anything that could match the CVE description?
Hi (In reply to Jan Kara from comment #5) > Thomas, by any chance did you notice anything that could match the CVE > description? Neither for this CVE nor for the others against the vmwgfx driver. The code has not been touched in years and there's nothing on the mailing lists about these CVEs. I'll reach out to the dev at VMware and ask for his opinion on the matter.
Is there any progress in fixing the bugs in upstream, please?
(In reply to Petr Mladek from comment #7) > Is there any progress in fixing the bugs in upstream, please? No. It still stands as it is.