CVE-2022-36402

Summary

CVE	CVE-2022-36402
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-09-16 17:15:00 UTC
Updated	2022-09-20 18:24:00 UTC
Description	An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).

Risk And Classification

Problem Types: CWE-190

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Linux	Linux Kernel	-	All	All	All

References

Reference	Source	Link	Tags
Bug Access Denied	MISC	bugzilla.openanolis.cn
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: Ziming Zhang([email protected]) from Ant Group Light-Year Security Lab

Legacy QID Mappings

161404 Oracle Enterprise Linux Security Update for kernel (ELSA-2024-0461)
242839 Red Hat Update for kernel (RHSA-2024:0461)
242941 Red Hat Update for kernel (RHSA-2024:0930)
243087 Red Hat Update for kernel (RHSA-2024:1404)
754863 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:3680-1)
754866 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:3684-1)
754869 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:3681-1)
754876 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:3687-1)
754883 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:3705-1)