#VU71480 Out-of-bounds write in Linux kernel


Published: 2023-01-24

Vulnerability identifier: #VU71480

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-36280

CWE-ID: CWE-787

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the vmw_kms_cursor_snoop() function in drivers/gpu/vmxgfx/vmxgfx_kms.c in the vmwgfx VMware driver. A local user can trigger an out-of-bounds write and perform a denial of service (DoS) attack.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


CPE

External links
http://bugzilla.openanolis.cn/show_bug.cgi?id=2071

