Main Vulnerability Database Exploits ID:8784 - Exploit for Permissions, Privileges, and Access Controls in Linux kernel - CVE-2022-22942

ID:8784 - Exploit for Permissions, Privileges, and Access Controls in Linux kernel - CVE-2022-22942

Published: January 31, 2023

Vulnerability identifier: #VU61217

Vulnerability risk: Low

CVE-ID: CVE-2022-22942

CWE-ID: CWE-264

Exploitation vector: Local access

Vulnerable software:
Linux kernel

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/linux/local/vmwgfx_fd_priv_esc

Vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an error in the vmwgfx driver in Linux kernel. A local unprivileged user can gain access to files opened by other processes on the system through a dangling 'file' pointer.

Exploiting this vulnerability requires an attacker to have access to either /dev/dri/card0 or /dev/dri/rendererD128 and be able to issue an ioctl() on the resulting file descriptor.

Remediation

Install updates from vendor's website.

ID:8784 - Exploit for Permissions, Privileges, and Access Controls in Linux kernel - CVE-2022-22942

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human