CVE-2022-36402

Advisory lineage Upstream: 0 Downstream: 26
Modified
Published: 16 Sept 2022, 16:08
Last modified: 17 Sept 2024, 03:38

Vulnerability Summary

  • Overall Risk (default): medium, 25/100
  • CVSS Score: 6.3 MEDIUM, v3.1 (cve.org)
  • EPSS Score: 0.05% LOW, 0% probability +0.03%
  • KEV: Not listed
  • Ransomware: No reports
  • Public exploits: None found
  • Dark Web: Not detected

Timeline

  • 16 Sept 2022, 16:08: Published (vulnerability first disclosed)
  • 17 Sept 2024, 03:38: Last Modified (vulnerability information updated)

Description

An integer overflow vulnerability was found in the vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in the GPU component of the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS).

CVSS Metrics

  • v3.1 MEDIUM, Score: 6.3, CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H
  • v3.1 MEDIUM, Score: 5.5, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.05% Percentile: 16%

Techniques & Countermeasures

  • CWE-190: Integer Overflow or Wraparound

    The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

  • CWE-118: Incorrect Access of Indexable Resource ('Range Error')

    The product does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files.

Affected Systems

  • Unknown Kernel

    ≥ v4.3-rc1, < 5.13.0-52*

  • linux linux_kernel

    na
