CVE-2022-40133
UAF vulnerability in vmwgfx driver
References
Notes
bwh> Probably introduced in 4.20 by commit e8c66efbfe3a "drm/vmwgfx: Make
bwh> user resource lookups reference-free during validation".
carnil> According to Zack Rusin fixed conceptually via a309c7194e8a
carnil> ("drm/vmwgfx: Remove rcu locks from user resources")
Bugs
Status
| Branch |
Status |
| upstream |
released (6.2-rc4) [a309c7194e8a2f8bd4539b9449917913f6c2cd50]
|
| 6.18-upstream-stable |
|
| 6.17-upstream-stable |
|
| 6.12-upstream-stable |
|
| 6.6-upstream-stable |
|
| 6.1-upstream-stable |
released (6.1.7) [7ac9578e45b20e3f3c0c8eb71f5417a499a7226a]
|
| 5.10-upstream-stable |
needed
|
| 4.19-upstream-stable |
N/A "Vulnerable code not present"
|
| sid |
released (6.1.7-1)
|
| 6.12-trixie-security |
|
| 6.1-bookworm-security |
N/A "Fixed before branch point"
|
| 5.10-bullseye-security |
needed
|
| 4.19-buster-security |
N/A "Vulnerable code not present"
|
