Bug 1203329 - (CVE-2022-40133) VUL-0: CVE-2022-40133: kernel: use-after-free in 'vmw_execbuf_tie_context' in vmxgfx
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Normal
Assigned To: Thomas Zimmermann
Security Team bot
https://smash.suse.de/issue/341974/
CVSSv3.1:SUSE:CVE-2022-40133:5.5:(AV:...
Reported: 2022-09-12 08:47 UTC by Robert Frohl
Modified: 2022-11-16 10:14 UTC (History)
Found By: Security Response Team
Description Robert Frohl 2022-09-12 08:47:11 UTC
CVE-2022-40133

A use-after-free (UAF) vulnerability was found in function
'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux
kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This
flaw allows a local attacker with a user account on the system to gain
privilege, causing a denial of service (DoS).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40133
https://www.cve.org/CVERecord?id=CVE-2022-40133
https://bugzilla.openanolis.cn/show_bug.cgi?id=2075
Comment 3 Petr Mladek 2022-09-19 10:57:11 UTC
Thomas, this seems to be in your area. Please, handle the bug or eventually assign it to a more appropriate person.
Comment 4 Thomas Zimmermann 2022-09-23 07:20:52 UTC
Hi

(In reply to Petr Mladek from comment #3)
> Thomas, this seems to be in your area. Please, handle the bug or eventually
> assign it to a more appropriate person.

I keep it on my radar, together with these other CVEs. But there's little information available. (?) The upstream trees for the driver don't have a patch yet.

I cannot access the bug tracked at openanolis.cn. Do we have a login to it?
Comment 5 Jan Kara 2022-10-12 16:34:42 UTC
Thomas, by any chance did you notice anything that could match the CVE description?
Comment 6 Thomas Zimmermann 2022-10-13 11:34:20 UTC
Hi

(In reply to Jan Kara from comment #5)
> Thomas, by any chance did you notice anything that could match the CVE
> description?

Neither for this CVE nor for the others against the vmwgfx driver. The code has not been touched in years and there's nothing on the mailing lists about these CVEs.

I'll reach out to the dev at VMware and ask for his opinion on the matter.
Comment 7 Petr Mladek 2022-11-16 09:03:51 UTC
Is there any progress in fixing the bugs in upstream, please?
Comment 8 Thomas Zimmermann 2022-11-16 10:14:28 UTC
(In reply to Petr Mladek from comment #7)
> Is there any progress in fixing the bugs in upstream, please?

No. It still stands as it is.