CVE-2022-38096
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
09/09/2022
Last modified:
12/05/2026
Description
A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
Impact
Base Score 3.x
6.30
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://bugzilla.openanolis.cn/show_bug.cgi?id=2073
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://bugzilla.openanolis.cn/show_bug.cgi?id=2073
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html