6 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007349)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007349 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate the box size for the snooped cursor Invalid userspace dma surface copies cou...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005775)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005775 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate the box size for the snooped cursor Invalid userspace dma surface copies cou...
CVE-2022-50440
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate the box size for the snooped cursor Invalid userspace dma surface copies could potentially overflow the memcpy from the surface to the snooped image leading to crashes. To fix it the dimensions of the copybox...
CVE-2022-50440 drm/vmwgfx: Validate the box size for the snooped cursor
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate the box size for the snooped cursor Invalid userspace dma surface copies could potentially overflow the memcpy from the surface to the snooped image leading to crashes. To fix it the dimensions of the copybox...
kernel: Linux kernel: Denial of Service in vmwgfx due to invalid DMA surface copies
A flaw was discovered in the Linux kernel’s DRM vmwgfx driver related to how cursor images are snooped and copied. When the dimensions of a DMA surface copybox were derived from untrusted userspace data without proper validation against the expected snooped cursor size, an invalid size could caus...
kernel: Linux kernel: Denial of Service in vmwgfx due to invalid DMA surface copies
A flaw was discovered in the Linux kernel’s DRM vmwgfx driver related to how cursor images are snooped and copied. When the dimensions of a DMA surface copybox were derived from untrusted userspace data without proper validation against the expected snooped cursor size, an invalid size could caus...