OOB read bug exists in vmwgfx.ko, which is vmware linux kernel driver. The primitive can leak 72 bytes from the kmalloc-96 cache to user space. It requires render permission to open the device, /dev/dri/renderD128
*** This bug has been marked as a duplicate of bug 2290408 ***