CVE-2022-36402

Severity
5.5 MEDIUM
EPSS
0.1%
top 84.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Sep 16
Latest update: Jan 9

Description

An integer overflow vulnerability was found in the vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in the GPU component of the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H
Exploitability: 2.1 | Impact: 4.2

Affected Packages (25 packages)

CVEListV5 | linux/kernel | v4.3-rc1 | 5.13.0-52*
Debian | linux | < 5.10.197-1 | +3
Ubuntu | linux | < 5.4.0-200.220 | +1
Ubuntu | linux-aws | < 5.4.0-1135.145 | +3
Ubuntu | linux-gcp | < 5.4.0-1139.148 | +1

Vulnerability Details (12)

OSV | linux-azure, linux-azure-4.15 vulnerabilities | 2025-01-09
OSV | linux-aws, linux-kvm vulnerabilities | 2025-01-06
OSV | linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities | 2025-01-06
OSV | linux-iot vulnerabilities | 2024-11-19
OSV | linux-raspi, linux-raspi-5.4 vulnerabilities | 2024-11-14

Vendor Advisories (12)

Ubuntu | Linux kernel (Azure) vulnerabilities | 2025-01-09
Ubuntu | Linux kernel vulnerabilities | 2025-01-06
Ubuntu | Linux kernel vulnerabilities | 2025-01-06
Ubuntu | Linux kernel vulnerabilities | 2025-01-06
Ubuntu | Linux kernel (IoT) vulnerabilities | 2024-11-19