Lucene search

K
cveAnolisCVE-2022-36280
HistorySep 09, 2022 - 3:15 p.m.

CVE-2022-36280

2022-09-0915:15:10
CWE-787
CWE-120
Anolis
web.nvd.nist.gov
125
6
cve-2022-36280
out-of-bounds memory access
vmwgfx driver
linux kernel
dos
nvd
security vulnerability

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H

AI Score

6.2

Confidence

High

EPSS

0

Percentile

5.1%

An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file ‘/dev/dri/renderD128 (or Dxxx)’. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).

Affected configurations

Nvd
Node
linuxlinux_kernelRange3.25.13.0-52
Node
debiandebian_linuxMatch11.0
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
debiandebian_linux11.0cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Linux",
    "product": "kernel",
    "versions": [
      {
        "version": "v3.2-rc1",
        "status": "affected",
        "lessThan": "5.13.0-52*",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H

AI Score

6.2

Confidence

High

EPSS

0

Percentile

5.1%