Bug 2277161 (ZDI-CAN-23566) - kernel: vmwgfx: Out-Of-Bounds read in vmw_event_fence_action_create
Summary: kernel: vmwgfx: Out-Of-Bounds read in vmw_event_fence_action_create
Keywords:
Status: CLOSED DUPLICATE of bug 2290408
Alias: ZDI-CAN-23566
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2277159
TreeView+ depends on / blocked
 
Reported: 2024-04-25 13:46 UTC by Patrick Del Bello
Modified: 2024-11-05 14:39 UTC (History)
48 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2024-10-24 04:44:44 UTC
Embargoed:


Attachments (Terms of Use)

Description Patrick Del Bello 2024-04-25 13:46:09 UTC
OOB read bug exists in vmwgfx.ko, which is vmware linux kernel driver. The primitive can leak 72 bytes from the kmalloc-96 cache to user space.
It requires render permission to open the device, /dev/dri/renderD128

Comment 4 Rohit Keshri 2024-10-24 04:44:44 UTC

*** This bug has been marked as a duplicate of bug 2290408 ***


Note You need to log in before you can comment on or make changes to this bug.