An integer overflow was found in the Linux kernel's vmwgfx driver. Systems making use of the vmwgfx driver are potentially affected by this flaw. Exploiting the bug would require an attacker to have access to either /dev/dri/card0 or /dev/dri/rendererD128 and be able to issue an ioctl() on the resulting file descriptor. Under certain circumstances a local unprivileged user could use this flaw to crash the system, causing a denial of service. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-36402 https://bugzilla.openanolis.cn/show_bug.cgi?id=2072
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2133478]
Upstream patch: https://lore.kernel.org/lkml/169297981236.24147.14742169892084120200.pr-tracker-bot@kernel.org/T/
This CVE was fixed upstream in kernel version 6.5. The kernel packages as shipped in Red Hat Enterprise Linux 8 were previously updated to a version that contains the fix via the following errata: kernel in Red Hat Enterprise Linux 8 https://access.redhat.com/errata/RHSA-2024:0113 kernel-rt in Red Hat Enterprise Linux 8 https://access.redhat.com/errata/RHSA-2024:0134
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:0461 https://access.redhat.com/errata/RHSA-2024:0461
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:0930 https://access.redhat.com/errata/RHSA-2024:0930
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:1404 https://access.redhat.com/errata/RHSA-2024:1404