Out-of-bounds write in Linux kernel

#VU71480 Out-of-bounds write in Linux kernel

Published: 2023-01-24

Vulnerability identifier: #VU71480

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-36280

CWE-ID: CWE-787

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the vmw_kms_cursor_snoo() function in drivers/gpu/vmxgfx/vmxgfx_kms.c in vmwgfx VMWare driver. A local user can trigger an out-of-bounds write and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel: All versions

CPE

cpe:2.3:o:linux_foundation:linux_kernel:*:*:*:*:*:*:*:*

External links
http://bugzilla.openanolis.cn/show_bug.cgi?id=2071

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Debian update for linux

Denial of service in Linux kernel vmwgfx driver