CVE-2022-36402

Integer Overflow or Wraparound (CWE-190)

Published: Sep 16, 2022 / Updated: 26mo ago

010
CVSS 5.5EPSS 0.04%Medium
CVE info copied to clipboard

An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2022-36402. See article

Sep 16, 2022 at 4:58 PM / nitter.it
EPSS

EPSS Score was set to: 0.04% (Percentile: 5.7%)

Sep 20, 2023 at 5:33 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (242839)

Feb 7, 2024 at 12:00 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (190828)

Feb 21, 2024 at 12:15 AM
Vendor Advisory

RedHat released a security advisory (RHSA-2024:0930).

Feb 21, 2024 at 8:00 AM
Vendor Advisory

RedHat released a security advisory (RHSA-2024:0941).

Feb 28, 2024 at 8:00 AM
Vendor Advisory

RedHat released a security advisory (RHSA-2024:1404).

Mar 19, 2024 at 8:00 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (380728)

Oct 17, 2024 at 7:53 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (6021413)

Oct 31, 2024 at 7:53 AM
Static CVE Timeline Graph

Affected Systems

Linux/linux_kernel
+null more

Patches

Oracle
+null more

Attack Patterns

CAPEC-92: Forced Integer Overflow
+null more

Vendor Advisory

Oracle Linux Bulletin - January 2024
Oracle Id: linuxbulletinjan2024 Release Date: 2024-01-16 Update Date: 2024-03-20 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released. These bulletins will also be updated for the following two months after their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs that had been resolved in those two months following the bulletin's publication. In addition, Oracle Linux Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next scheduled bulletin publication date. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Oracle Linux Bulletin security patches as soon as possible. Oracle Linux Risk Matrix (Revision: 3 Published on 2024-03-20) CVE-2023-50447 CVSS Base Score :9.0 CVSS Vector :CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Product :

References

Security: Mehrere Probleme in Linux (Red Hat)
* * kernel: vmwgfx: race condition leading to information disclosure A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Security: Mehrere Probleme in Linux (Red Hat)
An update for kernel is now available for Red Hat Enterprise Linux 8.8 Extended * kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (JIRA:RHEL-21661)
Oracle9: ELSA-2024-0461: kernel security Important Security Update
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
See 10 more references

News

ubuntu_linux USN-7088-5: Ubuntu 18.04 LTS / Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-7088-5)
Development Last Updated: 11/15/2024 CVEs: CVE-2024-41012 , CVE-2024-44954 , CVE-2024-46744 , CVE-2024-43914 , CVE-2024-46817 , CVE-2024-43908 , CVE-2024-26891 , CVE-2024-46829 , CVE-2024-47667 , CVE-2024-43854 , CVE-2024-27051 , CVE-2024-26800 , CVE-2024-42311 , CVE-2024-43858 , CVE-2024-45025 , CVE-2024-46738 , CVE-2024-41063 , CVE-2024-46815 , CVE-2024-42259 , CVE-2024-41098 , CVE-2024-42309 , CVE-2024-46739 , CVE-2024-46745 , CVE-2024-45026 , CVE-2024-42288 , CVE-2024-42305 , CVE-2024-46780 , CVE-2024-44947 , CVE-2024-38602 , CVE-2024-46719 , CVE-2024-43835 , CVE-2024-41091 , CVE-2024-42313 , CVE-2024-42271 , CVE-2024-42285 , CVE-2024-41042 , CVE-2024-44995 , CVE-2024-46685 , CVE-2024-41073 , CVE-2024-42280 , CVE-2024-41081 , CVE-2024-45003 , CVE-2024-41059 , CVE-2024-43884 , CVE-2024-44944 , CVE-2024-46782 , CVE-2024-41068 , CVE-2024-46714 , CVE-2022-36402 , CVE-2023-52614 , CVE-2024-43894 , CVE-2024-46771 , CVE-2024-42304 , CVE-2024-42310 , CVE-2024-35848 , CVE-2024-46679 , CVE-2024-43861 , CVE-2024-42246 , CVE-2024-46800 , CVE-2024-41020 , CVE-2024-43846 , CVE-2024-44952 , CVE-2024-42276 , CVE-2024-42301 , CVE-2024-45021 , CVE-2024-43890 , CVE-2024-41015 , CVE-2024-43883 , CVE-2024-44965 , CVE-2024-45028 , CVE-2024-44960 , CVE-2024-47663 , CVE-2024-41071 , CVE-2024-26885 , CVE-2024-47669 , CVE-2024-41011 , CVE-2024-43893 , CVE-2024-46783 , CVE-2024-43871 , CVE-2024-26669 , CVE-2024-41017 , CVE-2024-36484 , CVE-2024-42290 , CVE-2024-43860 , CVE-2024-46822 , CVE-2024-41065 , CVE-2024-46737 , CVE-2024-46758 , CVE-2024-41072 , CVE-2024-46721 , CVE-2024-42131 , CVE-2024-46781 , CVE-2024-43867 , CVE-2024-44935 , CVE-2024-46818 , CVE-2024-41090 , CVE-2024-46761 , CVE-2024-46723 , CVE-2024-26607 , CVE-2024-44948 , CVE-2024-46755 , CVE-2024-46840 , CVE-2024-41070 , CVE-2024-38611 , CVE-2024-44998 , CVE-2024-44987 , CVE-2024-42283 , CVE-2024-46798 , CVE-2024-42297 , CVE-2024-41022 , CVE-2024-42229 , CVE-2024-46689 , CVE-2024-46844 , CVE-2024-42286 , CVE-2024-44946 , CVE-2024-45008 , CVE-2024-46757 , CVE-2024-42295 , CVE-2024-43829 , CVE-2024-47668 , CVE-2024-42287 , CVE-2023-52918 , CVE-2024-42292 , CVE-2024-43879 , CVE-2024-43880 , CVE-2024-46759 , CVE-2024-26641 , CVE-2024-42265 , CVE-2023-52531 , CVE-2024-41064 , CVE-2021-47212 , CVE-2024-42244 , CVE-2024-46677 , CVE-2024-44969 , CVE-2024-46673 , CVE-2024-47659 , CVE-2024-43830 , CVE-2024-26668 , CVE-2024-26640 , CVE-2024-42284 , CVE-2024-40929 , CVE-2024-46740 , CVE-2024-46828 , CVE-2024-43882 , CVE-2024-43856 , CVE-2024-46743 , CVE-2024-43853 , CVE-2024-46722 , CVE-2024-46756 , CVE-2024-46675 , CVE-2024-44988 , CVE-2024-45006 , CVE-2024-46676 , CVE-2024-43839 , CVE-2024-46777 , CVE-2024-42289 , CVE-2024-43841 , CVE-2024-46747 , CVE-2024-46750 , CVE-2024-42306 , CVE-2024-44999 , CVE-2024-42281
Ubuntu update for linux-raspi
ubuntu_linux USN-7088-4: Ubuntu 18.04 LTS / Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-7088-4)
Development Last Updated: 11/7/2024 CVEs: CVE-2024-41012 , CVE-2024-44954 , CVE-2024-46744 , CVE-2024-43914 , CVE-2024-46817 , CVE-2024-43908 , CVE-2024-26891 , CVE-2024-46829 , CVE-2024-47667 , CVE-2024-43854 , CVE-2024-27051 , CVE-2024-26800 , CVE-2024-42311 , CVE-2024-43858 , CVE-2024-45025 , CVE-2024-46738 , CVE-2024-41063 , CVE-2024-46815 , CVE-2024-42259 , CVE-2024-41098 , CVE-2024-42309 , CVE-2024-46739 , CVE-2024-46745 , CVE-2024-45026 , CVE-2024-42288 , CVE-2024-42305 , CVE-2024-46780 , CVE-2024-44947 , CVE-2024-38602 , CVE-2024-46719 , CVE-2024-43835 , CVE-2024-41091 , CVE-2024-42313 , CVE-2024-42271 , CVE-2024-42285 , CVE-2024-41042 , CVE-2024-44995 , CVE-2024-46685 , CVE-2024-41073 , CVE-2024-42280 , CVE-2024-41081 , CVE-2024-45003 , CVE-2024-41059 , CVE-2024-43884 , CVE-2024-44944 , CVE-2024-46782 , CVE-2024-41068 , CVE-2024-46714 , CVE-2022-36402 , CVE-2023-52614 , CVE-2024-43894 , CVE-2024-46771 , CVE-2024-42304 , CVE-2024-42310 , CVE-2024-35848 , CVE-2024-46679 , CVE-2024-43861 , CVE-2024-42246 , CVE-2024-46800 , CVE-2024-41020 , CVE-2024-43846 , CVE-2024-44952 , CVE-2024-42276 , CVE-2024-42301 , CVE-2024-45021 , CVE-2024-43890 , CVE-2024-41015 , CVE-2024-43883 , CVE-2024-44965 , CVE-2024-45028 , CVE-2024-44960 , CVE-2024-47663 , CVE-2024-41071 , CVE-2024-26885 , CVE-2024-47669 , CVE-2024-41011 , CVE-2024-43893 , CVE-2024-46783 , CVE-2024-43871 , CVE-2024-26669 , CVE-2024-41017 , CVE-2024-36484 , CVE-2024-42290 , CVE-2024-43860 , CVE-2024-46822 , CVE-2024-41065 , CVE-2024-46737 , CVE-2024-46758 , CVE-2024-41072 , CVE-2024-46721 , CVE-2024-42131 , CVE-2024-46781 , CVE-2024-43867 , CVE-2024-44935 , CVE-2024-46818 , CVE-2024-41090 , CVE-2024-46761 , CVE-2024-46723 , CVE-2024-26607 , CVE-2024-44948 , CVE-2024-46755 , CVE-2024-46840 , CVE-2024-41070 , CVE-2024-38611 , CVE-2024-44998 , CVE-2024-44987 , CVE-2024-42283 , CVE-2024-46798 , CVE-2024-42297 , CVE-2024-41022 , CVE-2024-42229 , CVE-2024-46689 , CVE-2024-46844 , CVE-2024-42286 , CVE-2024-44946 , CVE-2024-45008 , CVE-2024-46757 , CVE-2024-42295 , CVE-2024-43829 , CVE-2024-47668 , CVE-2024-42287 , CVE-2023-52918 , CVE-2024-42292 , CVE-2024-43879 , CVE-2024-43880 , CVE-2024-46759 , CVE-2024-26641 , CVE-2024-42265 , CVE-2023-52531 , CVE-2024-41064 , CVE-2021-47212 , CVE-2024-42244 , CVE-2024-46677 , CVE-2024-44969 , CVE-2024-46673 , CVE-2024-47659 , CVE-2024-43830 , CVE-2024-26668 , CVE-2024-26640 , CVE-2024-42284 , CVE-2024-40929 , CVE-2024-46740 , CVE-2024-46828 , CVE-2024-43882 , CVE-2024-43856 , CVE-2024-46743 , CVE-2024-43853 , CVE-2024-46722 , CVE-2024-46756 , CVE-2024-46675 , CVE-2024-44988 , CVE-2024-45006 , CVE-2024-46676 , CVE-2024-43839 , CVE-2024-46777 , CVE-2024-42289 , CVE-2024-43841 , CVE-2024-46747 , CVE-2024-46750 , CVE-2024-42306 , CVE-2024-44999 , CVE-2024-42281
Ubuntu update for linux-aws
ubuntu_linux USN-7088-3: Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-7088-3)
Development Last Updated: 11/6/2024 CVEs: CVE-2024-41012 , CVE-2024-44954 , CVE-2024-46744 , CVE-2024-43914 , CVE-2024-46817 , CVE-2024-43908 , CVE-2024-26891 , CVE-2024-46829 , CVE-2024-47667 , CVE-2024-43854 , CVE-2024-27051 , CVE-2024-26800 , CVE-2024-42311 , CVE-2024-43858 , CVE-2024-45025 , CVE-2024-46738 , CVE-2024-41063 , CVE-2024-46815 , CVE-2024-42259 , CVE-2024-41098 , CVE-2024-42309 , CVE-2024-46739 , CVE-2024-46745 , CVE-2024-45026 , CVE-2024-42288 , CVE-2024-42305 , CVE-2024-46780 , CVE-2024-44947 , CVE-2024-38602 , CVE-2024-46719 , CVE-2024-43835 , CVE-2024-41091 , CVE-2024-42313 , CVE-2024-42271 , CVE-2024-42285 , CVE-2024-41042 , CVE-2024-44995 , CVE-2024-46685 , CVE-2024-41073 , CVE-2024-42280 , CVE-2024-41081 , CVE-2024-45003 , CVE-2024-41059 , CVE-2024-43884 , CVE-2024-44944 , CVE-2024-46782 , CVE-2024-41068 , CVE-2024-46714 , CVE-2022-36402 , CVE-2023-52614 , CVE-2024-43894 , CVE-2024-46771 , CVE-2024-42304 , CVE-2024-42310 , CVE-2024-35848 , CVE-2024-46679 , CVE-2024-43861 , CVE-2024-42246 , CVE-2024-46800 , CVE-2024-41020 , CVE-2024-43846 , CVE-2024-44952 , CVE-2024-42276 , CVE-2024-42301 , CVE-2024-45021 , CVE-2024-43890 , CVE-2024-41015 , CVE-2024-43883 , CVE-2024-44965 , CVE-2024-45028 , CVE-2024-44960 , CVE-2024-47663 , CVE-2024-41071 , CVE-2024-26885 , CVE-2024-47669 , CVE-2024-41011 , CVE-2024-43893 , CVE-2024-46783 , CVE-2024-43871 , CVE-2024-26669 , CVE-2024-41017 , CVE-2024-36484 , CVE-2024-42290 , CVE-2024-43860 , CVE-2024-46822 , CVE-2024-41065 , CVE-2024-46737 , CVE-2024-46758 , CVE-2024-41072 , CVE-2024-46721 , CVE-2024-42131 , CVE-2024-46781 , CVE-2024-43867 , CVE-2024-44935 , CVE-2024-46818 , CVE-2024-41090 , CVE-2024-46761 , CVE-2024-46723 , CVE-2024-26607 , CVE-2024-44948 , CVE-2024-46755 , CVE-2024-46840 , CVE-2024-41070 , CVE-2024-38611 , CVE-2024-44998 , CVE-2024-44987 , CVE-2024-42283 , CVE-2024-46798 , CVE-2024-42297 , CVE-2024-41022 , CVE-2024-42229 , CVE-2024-46689 , CVE-2024-46844 , CVE-2024-42286 , CVE-2024-44946 , CVE-2024-45008 , CVE-2024-46757 , CVE-2024-42295 , CVE-2024-43829 , CVE-2024-47668 , CVE-2024-42287 , CVE-2023-52918 , CVE-2024-42292 , CVE-2024-43879 , CVE-2024-43880 , CVE-2024-46759 , CVE-2024-26641 , CVE-2024-42265 , CVE-2023-52531 , CVE-2024-41064 , CVE-2021-47212 , CVE-2024-42244 , CVE-2024-46677 , CVE-2024-44969 , CVE-2024-46673 , CVE-2024-47659 , CVE-2024-43830 , CVE-2024-26668 , CVE-2024-26640 , CVE-2024-42284 , CVE-2024-40929 , CVE-2024-46740 , CVE-2024-46828 , CVE-2024-43882 , CVE-2024-43856 , CVE-2024-46743 , CVE-2024-43853 , CVE-2024-46722 , CVE-2024-46756 , CVE-2024-46675 , CVE-2024-44988 , CVE-2024-45006 , CVE-2024-46676 , CVE-2024-43839 , CVE-2024-46777 , CVE-2024-42289 , CVE-2024-43841 , CVE-2024-46747 , CVE-2024-46750 , CVE-2024-42306 , CVE-2024-44999 , CVE-2024-42281
See 184 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:None
Integrity:None
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI