Back to bug 2133450
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Mauro Matteo Cascella | 2022-10-10 14:19:50 UTC | Doc Text | An out-of-bounds memory write vulnerability was found in the Linux kernel's vmwgfx driver in vmw_kms_cursor_snoop, due to missing check of a memcpy length. Exploiting this bug would require an attacker to have access to either /dev/dri/card0 or /dev/dri/rendererD128 and be able to issue an ioctl() on the resulting file descriptor. Under certain circumstances a local unprivileged user could use this flaw to crash the system, causing a denial of service. | |
| Mauro Matteo Cascella | 2022-10-10 15:16:20 UTC | Depends On | 2133473, 2133472, 2133475, 2133474, 2133471 | |
| RaTasha Tillery-Smith | 2022-10-10 17:46:43 UTC | Doc Text | An out-of-bounds memory write vulnerability was found in the Linux kernel's vmwgfx driver in vmw_kms_cursor_snoop, due to missing check of a memcpy length. Exploiting this bug would require an attacker to have access to either /dev/dri/card0 or /dev/dri/rendererD128 and be able to issue an ioctl() on the resulting file descriptor. Under certain circumstances a local unprivileged user could use this flaw to crash the system, causing a denial of service. | An out-of-bounds memory write vulnerability was found in the Linux kernel's vmwgfx driver in vmw_kms_cursor_snoop due to a missing check of a memcpy length. This flaw allows a local, unprivileged attacker with access to either the /dev/dri/card0 or /dev/dri/rendererD128 and able to issue an ioctl() on the resulting file descriptor, to crash the system, causing a denial of service. |
| Niels De Graef | 2022-11-15 10:13:18 UTC | Flags | needinfo?(kraxel) | |
| CC | kraxel, ndegraef | |||
| Mauro Matteo Cascella | 2022-11-23 10:14:37 UTC | Summary | CVE-2022-36280 kernel: vmxgfx: out-of-bounds write in vmw_kms_cursor_snoop | CVE-2022-36280 kernel: vmwgfx: out-of-bounds write in vmw_kms_cursor_snoop |
| Mauro Matteo Cascella | 2022-11-23 10:17:51 UTC | Flags | needinfo?(kraxel) | |
| Red Hat Bugzilla | 2022-12-31 23:36:44 UTC | CC | fhrbata | |
| Red Hat Bugzilla | 2023-04-01 08:42:38 UTC | CC | dhoward | |
| Mauro Matteo Cascella | 2023-06-15 17:53:45 UTC | Depends On | 2115902 | |
| Mauro Matteo Cascella | 2023-06-15 17:57:53 UTC | Depends On | 2125474 | |
| Mauro Matteo Cascella | 2023-06-15 18:02:01 UTC | Fixed In Version | kernel 6.2-rc1 | |
| Red Hat Bugzilla | 2023-07-07 08:29:27 UTC | Assignee | security-response-team | nobody |
Back to bug 2133450