2277161 – (ZDI-CAN-23566) kernel: vmwgfx: Out-Of-Bounds read in vmw_event_fence_action_create

Bug 2277161 (ZDI-CAN-23566) - kernel: vmwgfx: Out-Of-Bounds read in vmw_event_fence_action_create

Summary: kernel: vmwgfx: Out-Of-Bounds read in vmw_event_fence_action_create

Keywords:
Status:	CLOSED DUPLICATE of bug 2290408
Alias:	ZDI-CAN-23566
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2277159
TreeView+	depends on / blocked

Reported:	2024-04-25 13:46 UTC by Patrick Del Bello
Modified:	2024-11-05 14:39 UTC (History)
CC List:	48 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2024-10-24 04:44:44 UTC
Embargoed:

Attachments	(Terms of Use)

Description Patrick Del Bello 2024-04-25 13:46:09 UTC

OOB read bug exists in vmwgfx.ko, which is vmware linux kernel driver. The primitive can leak 72 bytes from the kmalloc-96 cache to user space.
It requires render permission to open the device, /dev/dri/renderD128

Comment 4 Rohit Keshri 2024-10-24 04:44:44 UTC


*** This bug has been marked as a duplicate of bug 2290408 ***

Note You need to log in before you can comment on or make changes to this bug.

acaringi
allarkin
aquini
bhu
chwhite
cye
cyin
dbohanno
debarbos
dvlasenk
esandeen
ezulian
hkrzesin
jarod
jdenham
jfalempe
jfaracco
jlelli
joe.lawrence
jshortt
jstancek
jwyatt
kcarcia
ldoskova
lgoncalv
lzampier
mleitner
mmilgram
mstowell
ndegraef
nmurray
ptalbert
rkeshri
rparrazo
rrobaina
rvrbovsk
rysulliv
scweaver
security-response-team
sukulkar
tglozar
tyberry
wcosta
williams
wmealing
ycote
ykopkova
zhijwang