CVE-2022-22942

Published: 27 Jan 2022
Source: redhat
CVSS3: 7

Description

The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.

A use-after-free flaw was found in the Linux kernel’s vmw_execbuf_copy_fence_user function in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c in vmwgfx. This flaw allows a local attacker with user privileges to cause a privilege escalation problem.

Mitigation

The mitigation for this issue is to keep the affected vmwgfx module from loading until a fix is available. This can be done with the module blacklist mechanism, which ensures the driver is not loaded at boot time.

How do I blacklist a kernel module to prevent it from loading automatically? https://access.redhat.com/solutions/41278
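
An added example (not Red Hat's or this site's own code) of auditing the mitigation above: it checks a modprobe.d-style directory for a `blacklist vmwgfx` entry and for an `install vmwgfx /bin/false` override, and checks whether the module is already loaded. The function names, default paths and sample file contents are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit the vmwgfx module-blacklist mitigation.
# Function names and default paths are assumptions of this example.

# Echo "blocked", "blacklist-only" or "unmitigated" for a modprobe.d directory.
vmwgfx_mitigation_status() {
    dir="${1:-/etc/modprobe.d}"
    has_blacklist=0
    has_install=0
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # "blacklist vmwgfx": modprobe ignores the module's aliases, so it
        # is not auto-loaded at boot; "modprobe vmwgfx" by name still works.
        if grep -Eq '^[[:space:]]*blacklist[[:space:]]+vmwgfx([[:space:]]|$)' "$f"; then
            has_blacklist=1
        fi
        # "install vmwgfx /bin/false": modprobe runs this command instead of
        # inserting the module, so loading by name fails too.
        if grep -Eq '^[[:space:]]*install[[:space:]]+vmwgfx[[:space:]]+/(usr/)?bin/(false|true)([[:space:]]|$)' "$f"; then
            has_install=1
        fi
    done
    if [ "$has_install" -eq 1 ]; then
        echo "blocked"
    elif [ "$has_blacklist" -eq 1 ]; then
        echo "blacklist-only"
    else
        echo "unmitigated"
    fi
}

# Succeed if vmwgfx is already loaded; a config change does not unload it.
vmwgfx_loaded() {
    grep -q '^vmwgfx ' "${1:-/proc/modules}" 2>/dev/null
}

# Constructed sample configuration (not taken from a real host).
demo=$(mktemp -d)
printf 'blacklist vmwgfx\n' > "$demo/vmwgfx.conf"
echo "blacklist only:      $(vmwgfx_mitigation_status "$demo")"
printf 'install vmwgfx /bin/false\n' >> "$demo/vmwgfx.conf"
echo "blacklist + install: $(vmwgfx_mitigation_status "$demo")"
rm -rf "$demo"
```

On a real host, run `vmwgfx_mitigation_status` once for each modprobe configuration directory in use and `vmwgfx_loaded` with no argument to read `/proc/modules`.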

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Affected | | |
| Red Hat Enterprise Linux 9 | kernel | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2022:0622 | 22.02.2022 |
| Red Hat Enterprise Linux 7 | kpatch-patch | Fixed | RHSA-2022:0592 | 22.02.2022 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2022:0620 | 22.02.2022 |
| Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118) | kernel | Fixed | RHSA-2022:1107 | 29.03.2022 |
| Red Hat Enterprise Linux 7.6 Telco Extended Update Support | kernel | Fixed | RHSA-2022:1107 | 29.03.2022 |
| Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions | kpatch-patch | Fixed | RHSA-2022:1103 | 29.03.2022 |
| Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions | kernel | Fixed | RHSA-2022:1107 | 29.03.2022 |

Additional information

Status: Important
Defect: CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2044809 kernel: failing usercopy allows for use-after-free exploitation

CVSS3: 7 High

Related vulnerabilities

CVSS3: 7.8
ubuntu
more than 1 year ago

The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.

CVSS3: 7.8
nvd
more than 1 year ago

The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.

CVSS3: 7.8
debian
more than 1 year ago

The vmwgfx driver contains a local privilege escalation vulnerability ...

CVSS3: 7.8
github
more than 1 year ago

The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.

CVSS3: 7
fstec
more than 3 years ago

A vulnerability in the vmw_execbuf_copy_fence_user() function (drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c) of the vmwgfx module of the Linux operating system kernel that allows an attacker to escalate their privileges