CVE-2022-50440
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Validate the box size for the snooped cursor
Invalid userspace dma surface copies could potentially overflow the memcpy from the surface to the snooped image leading to crashes. To fix it the dimensions of the copybox have to be validated against the expected size of the snooped cursor.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 2ac863719e518ae1a8f328849e64ea26a222f079 < ee8d31836cbe7c26e207bfa0a4a726f0a25cfcf6 | affected |
| Linux | Linux | 2ac863719e518ae1a8f328849e64ea26a222f079 < 50d177f90b63ea4138560e500d92be5e4c928186 | affected |
| Linux | Linux | 2ac863719e518ae1a8f328849e64ea26a222f079 < 6b4e70a428b5a11f56db94047b68e144529fe512 | affected |
| Linux | Linux | 2ac863719e518ae1a8f328849e64ea26a222f079 < 94b283341f9f3f0ed56a360533766377a01540e0 | affected |
| Linux | Linux | 2ac863719e518ae1a8f328849e64ea26a222f079 < 439cbbc1519547f9a7b483f0de33b556ebfec901 | affected |
| Linux | Linux | 2ac863719e518ae1a8f328849e64ea26a222f079 < 6948e570f54f2044dd4da444b10471373a047eeb | affected |
| Linux | Linux | 2ac863719e518ae1a8f328849e64ea26a222f079 < 4d54d11b49860686331c58a00f733b16a93edfc4 | affected |
| Linux | Linux | 2ac863719e518ae1a8f328849e64ea26a222f079 < 622d527decaac0eb65512acada935a0fdc1d0202 | affected |
| Linux | Linux | 2ac863719e518ae1a8f328849e64ea26a222f079 < 4cf949c7fafe21e085a4ee386bb2dade9067316e | affected |
| Linux | Linux | 3.2 | affected |
| Linux | Linux | 0 < 3.2 | unaffected |
| Linux | Linux | 4.9.337 <= 4.9.* | unaffected |
| Linux | Linux | 4.14.303 <= 4.14.* | unaffected |
| Linux | Linux | 4.19.270 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.229 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.163 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.87 <= 5.15.* | unaffected |
| Linux | Linux | 6.0.18 <= 6.0.* | unaffected |
| Linux | Linux | 6.1.4 <= 6.1.* | unaffected |
| Linux | Linux | 6.2 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/ee8d31836cbe7c26e207bfa0a4a726f0a25cfcf6
- https://git.kernel.org/stable/c/50d177f90b63ea4138560e500d92be5e4c928186
- https://git.kernel.org/stable/c/6b4e70a428b5a11f56db94047b68e144529fe512
- https://git.kernel.org/stable/c/94b283341f9f3f0ed56a360533766377a01540e0
- https://git.kernel.org/stable/c/439cbbc1519547f9a7b483f0de33b556ebfec901
- https://git.kernel.org/stable/c/6948e570f54f2044dd4da444b10471373a047eeb
- https://git.kernel.org/stable/c/4d54d11b49860686331c58a00f733b16a93edfc4
- https://git.kernel.org/stable/c/622d527decaac0eb65512acada935a0fdc1d0202
- https://git.kernel.org/stable/c/4cf949c7fafe21e085a4ee386bb2dade9067316e
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.