Bugzilla – Bug 1203330
VUL-0: CVE-2022-38457: kernel: use-after-free found in 'vmw_cmd_res_check' in vmwgfx driver
Last modified: 2023-03-23 18:31:18 UTC
A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in
drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device
file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a
user account on the system to gain privilege, causing a denial of service(DoS).
A gentle reminder from Kernel Security Sentinel:
is there any progress in the upstream about this bug?
I guess that the situation here is the same as in the bug #1203517, e.i. the fix is not available in upstream yet. Am I right, please?
(In reply to Petr Mladek from comment #8)
> I guess that the situation here is the same as in the bug #1203517, e.i. the
> fix is not available in upstream yet. Am I right, please?
No changes here.