CVE-2022-40133 – There is an UAF vulnerability in vmwgfx driver
https://notcve.org/view.php?id=CVE-2022-40133
A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). Se ha encontrado una vulnerabilidad de uso de memoria previamente liberada (UAF) en la función "vmw_execbuf_tie_context" en el archivo drivers/gpu/vmxgfx/vmxgfx_execbuf.c en el controlador vmwgfx del kernel de Linux con el archivo de dispositivo "/dev/dri/renderD128 (o Dxxx)". Este fallo permite a un atacante local con una cuenta de usuario en el sistema conseguir privilegios, causando una denegación de servicio (DoS) A use-after-free vulnerability was found in the Linux kernel's vmwgfx driver in vmw_execbuf_tie_context. This flaw allows a local, unprivileged attacker with access to either /dev/dri/card0 or /dev/dri/rendererD128, who can issue an ioctl() on the resulting file descriptor, to crash the system, causing a denial of service. • https://bugzilla.openanolis.cn/show_bug.cgi?id=2075 https://access.redhat.com/security/cve/CVE-2022-40133 https://bugzilla.redhat.com/show_bug.cgi?id=2133453 • CWE-416: Use After Free •
CVE-2022-38457 – There is an UAF vulnerability in vmwgfx driver
https://notcve.org/view.php?id=CVE-2022-38457
A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). Se ha encontrado una vulnerabilidad de uso de memoria previamente liberada (UAF) en la función "vmw_cmd_res_check" en el archivo drivers/gpu/vmxgfx/vmxgfx_execbuf.c en el controlador vmwgfx del kernel de Linux con el archivo de dispositivo "/dev/dri/renderD128 (o Dxxx)". Este fallo permite a un atacante local con una cuenta de usuario en el sistema conseguir privilegios, causando una denegación de servicio (DoS) A use-after-free vulnerability was found in the Linux kernel's vmwgfx driver in vmw_cmd_res_check. This flaw allows a local, unprivileged attacker with access to either /dev/dri/card0 or /dev/dri/rendererD128, who can issue an ioctl() on the resulting file descriptor, to crash the system, causing a denial of service. • https://bugzilla.openanolis.cn/show_bug.cgi?id=2074 https://access.redhat.com/security/cve/CVE-2022-38457 https://bugzilla.redhat.com/show_bug.cgi?id=2133455 • CWE-416: Use After Free •
CVE-2022-36280 – There is an out-of-bounds write vulnerability in vmwgfx driver
https://notcve.org/view.php?id=CVE-2022-36280
An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). Se ha encontrado una vulnerabilidad de acceso a memoria fuera de límites (OOB) en el controlador vmwgfx en el archivo drivers/gpu/vmxgfx/vmxgfx_kms.c en el componente GPU en el kernel de Linux con el archivo de dispositivo "/dev/dri/renderD128 (o Dxxx)". Este fallo permite a un atacante local con una cuenta de usuario en el sistema conseguir privilegios, causando una denegación de servicio(DoS) An out-of-bounds memory write vulnerability was found in the Linux kernel's vmwgfx driver in vmw_kms_cursor_snoop due to a missing check of a memcpy length. This flaw allows a local, unprivileged attacker with access to either the /dev/dri/card0 or /dev/dri/rendererD128 and able to issue an ioctl() on the resulting file descriptor, to crash the system, causing a denial of service. • https://bugzilla.openanolis.cn/show_bug.cgi?id=2071 https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://www.debian.org/security/2023/dsa-5324 https://access.redhat.com/security/cve/CVE-2022-36280 https://bugzilla.redhat.com/show_bug.cgi?id=2133450 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVE-2022-40307
https://notcve.org/view.php?id=CVE-2022-40307
An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. Se ha detectado un problema en el kernel de Linux versiones hasta 5.19.8. El archivo drivers/firmware/efi/capsule-loader.c presenta una condición de carrera con un uso de memoria previamente liberada resultante • https://github.com/torvalds/linux/commit/9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95 https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://www.debian.org/security/2022/dsa-5257 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2022-3169
https://notcve.org/view.php?id=CVE-2022-3169
A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect. Se ha encontrado un fallo en el kernel de Linux. Puede producirse un fallo de denegación de servicio si se presenta una petición consecutiva del NVME_IOCTL_RESET y del NVME_IOCTL_SUBSYS_RESET mediante el archivo de dispositivo del controlador, resultando en una desconexión del enlace PCIe • https://bugzilla.kernel.org/show_bug.cgi?id=214771 https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html • CWE-20: Improper Input Validation •