Use-after-free in Linux kernel drm vmwgfx driver

1) Use-after-free

EUVDB-ID: #VU92899

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48771

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vmw_kms_helper_buffer_finish() function in drivers/gpu/drm/vmwgfx/vmwgfx_kms.c, within the vmw_fence_event_ioctl() function in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c, within the vmw_execbuf_fence_commands(), vmw_execbuf_copy_fence_user() and vmw_execbuf_process() functions in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c. A local user can escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

CPE2.3

External links

http://git.kernel.org/stable/c/e8d092a62449dcfc73517ca43963d2b8f44d0516
http://git.kernel.org/stable/c/0008a0c78fc33a84e2212a7c04e6b21a36ca6f4d
http://git.kernel.org/stable/c/84b1259fe36ae0915f3d6ddcea6377779de48b82
http://git.kernel.org/stable/c/ae2b20f27732fe92055d9e7b350abc5cdf3e2414
http://git.kernel.org/stable/c/6066977961fc6f437bc064f628cf9b0e4571c56c
http://git.kernel.org/stable/c/1d833b27fb708d6fdf5de9f6b3a8be4bd4321565
http://git.kernel.org/stable/c/a0f90c8815706981c483a652a6aefca51a5e191c

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.