CVE-2022-38457

MEDIUM

Linux Kernel 4.20-6.1.7 - Use-After-Free in vmwgfx Driver via vmw_cmd_res_check

Title source: llm
STIX 2.1

Description

A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).

References (1)

Core 1
Core References
Issue Tracking, Permissions Required x_refsource_misc
https://bugzilla.openanolis.cn/show_bug.cgi?id=2074

Scores

CVSS v3 6.3
EPSS 0.0044
EPSS Percentile 35.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H

Details

CWE
CWE-416
Status published
Products (2)
linux/linux_kernel 6.2 rc1 (4 CPE variants)
linux/linux_kernel 4.20 - 6.1.7
Published Sep 09, 2022
Tracked Since Feb 18, 2026