active/CVE-2022-40133


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

Description: UAF vulnerability in vmwgfx driver
References:
 https://bugzilla.openanolis.cn/show_bug.cgi?id=2075
Notes:
 bwh> Probably introduced in 4.20 by commit e8c66efbfe3a "drm/vmwgfx: Make
 bwh> user resource lookups reference-free during validation".
 carnil> According to Zack Rusin fixed conceptually via a309c7194e8a
 carnil> ("drm/vmwgfx: Remove rcu locks from user resources")
Bugs:
upstream: released (6.2-rc4) [a309c7194e8a2f8bd4539b9449917913f6c2cd50]
6.1-upstream-stable: released (6.1.7) [7ac9578e45b20e3f3c0c8eb71f5417a499a7226a]
5.10-upstream-stable: needed
4.19-upstream-stable: N/A "Vulnerable code not present"
sid: released (6.1.7-1)
6.1-bookworm-security: N/A "Fixed before branch point"
5.10-bullseye-security: needed
4.19-buster-security: N/A "Vulnerable code not present"