CVE-2022-38096
Description
A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2024-2394.html
Vendor advisory: alma — https://bugzilla.redhat.com/2270883
Vendor advisory: alma — https://bugzilla.redhat.com/2270118
Vendor advisory: alma — https://bugzilla.redhat.com/2270080
Vendor advisory: alma — https://bugzilla.redhat.com/2269217
Vendor advisory: alma — https://bugzilla.redhat.com/2269189
Vendor advisory: alma — https://bugzilla.redhat.com/2267795
Vendor advisory: alma — https://bugzilla.redhat.com/2267788
Vendor advisory: alma — https://bugzilla.redhat.com/2267761
Vendor advisory: alma — https://bugzilla.redhat.com/2267760
Vendor advisory: alma — https://bugzilla.redhat.com/2267758
Vendor advisory: alma — https://bugzilla.redhat.com/2267750
Vendor advisory: alma — https://bugzilla.redhat.com/2267695
Vendor advisory: alma — https://bugzilla.redhat.com/2267041
Vendor advisory: alma — https://bugzilla.redhat.com/2265653
Vendor advisory: alma — https://bugzilla.redhat.com/2265646
Vendor advisory: alma — https://bugzilla.redhat.com/2265645
Vendor advisory: alma — https://bugzilla.redhat.com/2265520
Vendor advisory: alma — https://bugzilla.redhat.com/2265519
Vendor advisory: alma — https://bugzilla.redhat.com/2265518
Vendor advisory: alma — https://bugzilla.redhat.com/2265517
Vendor advisory: alma — https://bugzilla.redhat.com/2265285
Vendor advisory: alma — https://bugzilla.redhat.com/2262127
Vendor advisory: alma — https://bugzilla.redhat.com/2260005
Vendor advisory: alma — https://bugzilla.redhat.com/2258013
Vendor advisory: alma — https://bugzilla.redhat.com/2257682
Vendor advisory: alma — https://bugzilla.redhat.com/2256822
Vendor advisory: alma — https://bugzilla.redhat.com/2256490
Vendor advisory: alma — https://bugzilla.redhat.com/2255283
Vendor advisory: alma — https://bugzilla.redhat.com/2254982
Vendor advisory: alma — https://bugzilla.redhat.com/2254961
Vendor advisory: alma — https://bugzilla.redhat.com/2253632
Vendor advisory: alma — https://bugzilla.redhat.com/2253034
Vendor advisory: alma — https://bugzilla.redhat.com/2250043
Vendor advisory: alma — https://bugzilla.redhat.com/2246980
Vendor advisory: alma — https://bugzilla.redhat.com/2244720
Vendor advisory: alma — https://bugzilla.redhat.com/2239848
Vendor advisory: alma — https://bugzilla.redhat.com/2239845
Vendor advisory: alma — https://bugzilla.redhat.com/2231410
Vendor advisory: alma — https://bugzilla.redhat.com/2226788
Vendor advisory: alma — https://bugzilla.redhat.com/2226787
Vendor advisory: alma — https://bugzilla.redhat.com/2226777
Vendor advisory: alma — https://bugzilla.redhat.com/2221702
Vendor advisory: alma — https://bugzilla.redhat.com/2221463
Vendor advisory: alma — https://bugzilla.redhat.com/2221039
Vendor advisory: alma — https://bugzilla.redhat.com/2219359
Vendor advisory: alma — https://bugzilla.redhat.com/2218332
Vendor advisory: alma — https://bugzilla.redhat.com/2213132
Vendor advisory: alma — https://bugzilla.redhat.com/2210024
Vendor advisory: alma — https://bugzilla.redhat.com/2188102
Vendor advisory: alma — https://bugzilla.redhat.com/2185519
Vendor advisory: alma — https://bugzilla.redhat.com/2177759
Vendor advisory: alma — https://bugzilla.redhat.com/2151959
Vendor advisory: alma — https://bugzilla.redhat.com/2049700
Vendor advisory: alma — https://bugzilla.redhat.com/1918601
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-1607.html
Vendor advisory: alma — https://bugzilla.redhat.com/2262126
Vendor advisory: alma — https://bugzilla.redhat.com/2261976
Vendor advisory: alma — https://bugzilla.redhat.com/2259866
Vendor advisory: alma — https://bugzilla.redhat.com/2258518
Vendor advisory: alma — https://bugzilla.redhat.com/2255498
Vendor advisory: alma — https://bugzilla.redhat.com/2252731
Vendor advisory: alma — https://bugzilla.redhat.com/2133452
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:1607
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2022-38096
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2022-38096.html
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:1607
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:1614
Vendor advisory: rocky — https://errata.rockylinux.org/RXSA-2024:1607
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2024:2394
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| rocky | 8 | fixed | |
| sles | affected | | |
| debian | bookworm | fixed | 6.1.85-1 |
| debian | bullseye | fixed | 5.10.215-1 |
| debian | forky | fixed | 6.7.12-1 |
| debian | sid | fixed | 6.7.12-1 |
| debian | trixie | fixed | 6.7.12-1 |
| linux-kernel | affected | |
References
- https://access.redhat.com/errata/RHSA-2024:2394
- https://bugzilla.openanolis.cn/show_bug.cgi?id=2073
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html
- https://errata.rockylinux.org/RXSA-2024:1607
- https://errata.rockylinux.org/RLSA-2024:1614
- https://errata.rockylinux.org/RLSA-2024:1607
- https://www.suse.com/security/cve/CVE-2022-38096.html
- https://security-tracker.debian.org/tracker/CVE-2022-38096
- https://access.redhat.com/errata/RHSA-2024:1607
- https://bugzilla.redhat.com/2133452
- https://bugzilla.redhat.com/2252731
- https://bugzilla.redhat.com/2255498
- https://bugzilla.redhat.com/2258518
- https://bugzilla.redhat.com/2259866
- https://bugzilla.redhat.com/2261976
- https://bugzilla.redhat.com/2262126
- https://errata.almalinux.org/8/ALSA-2024-1607.html
- https://bugzilla.redhat.com/1918601
- https://bugzilla.redhat.com/2049700
- https://bugzilla.redhat.com/2151959
- https://bugzilla.redhat.com/2177759
- https://bugzilla.redhat.com/2185519
- https://bugzilla.redhat.com/2188102
- https://bugzilla.redhat.com/2210024
CWEs
CWE-476
Verify integrity in audit chain (admin only). AS-IS.