First published: Tue Sep 06 2022
A NULL pointer dereference issue was found in the Linux kernel's vmwgfx driver in vmw_cmd_dx_define_query. Systems making use of the vmwgfx driver are potentially affected by this flaw. Exploiting the bug would require an attacker to have access to either /dev/dri/card0 or /dev/dri/rendererD128 and be able to issue an ioctl() on the resulting file descriptor. Under certain circumstances a local unprivileged user could use this flaw to crash the system, causing a denial of service. Reference: https://bugzilla.openanolis.cn/show_bug.cgi?id=2073
Credit: security@openanolis.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Kernel | >=4.20 | |
IBM Security QRadar | <=7.5 - 7.5.0 UP8 IF01 | |
debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
CVE-2022-38096 is a medium severity vulnerability due to the NULL pointer dereference in the vmwgfx driver.
To mitigate CVE-2022-38096, upgrade to the patched versions of the Linux kernel and ensure the vmwgfx driver is updated.
CVE-2022-38096 affects Linux kernel versions 4.20 and later and IBM QRadar SIEM versions up to 7.5.0 UP8 IF01.
CVE-2022-38096 is classified as a NULL pointer dereference vulnerability in the Linux kernel's vmwgfx driver.
Exploitation of CVE-2022-38096 requires local access to the affected system, specifically to /dev/dri/card0 or similar devices.
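The preconditions described above (an affected kernel, the vmwgfx driver in use, and local access to a DRM device node) can be triaged per host. The following is an added example, not code from the advisory or the kernel project; it assumes the driver is built as a module (so it appears in /proc/modules) and that nodes follow the kernel's `card*`/`renderD*` naming. Because the page names no fixed kernel version, it reports a host as a candidate only.

```python
import os
import re
import stat

AFFECTED_FROM = (4, 20)  # from the page's table; the page names no fixed version

def kernel_in_range(release):
    """True if a `uname -r` string is at or above the affected floor."""
    m = re.match(r"(\d+)\.(\d+)", release)
    return bool(m) and (int(m.group(1)), int(m.group(2))) >= AFFECTED_FROM

def vmwgfx_loaded(modules_text):
    """/proc/modules has one module per line, name first (built-ins are not listed)."""
    return any(line.split()[:1] == ["vmwgfx"] for line in modules_text.splitlines())

def drm_nodes(dev_dir):
    """Map each card*/renderD* node in dev_dir to its permission bits."""
    if not os.path.isdir(dev_dir):
        return {}
    return {
        os.path.join(dev_dir, n): stat.S_IMODE(os.stat(os.path.join(dev_dir, n)).st_mode)
        for n in sorted(os.listdir(dev_dir))
        if re.fullmatch(r"(card|renderD)\d+", n)
    }

def assess(release, modules_text, dev_dir):
    """Combine the three preconditions into one triage result."""
    nodes = drm_nodes(dev_dir)
    candidate = kernel_in_range(release) and vmwgfx_loaded(modules_text) and bool(nodes)
    # Flags "other" read/write bits only; group membership and ACLs can grant access too.
    world = [p for p, mode in nodes.items() if mode & 0o006]
    return {"candidate": candidate, "world_accessible": world,
            "modes": {p: oct(m) for p, m in nodes.items()}}

if __name__ == "__main__":
    with open("/proc/modules") as f:
        print(assess(os.uname().release, f.read(), "/dev/dri"))
```

A host reported as a candidate still needs its kernel package checked against the vendor's fixed versions.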