CVE-2022-50440 — NULL Pointer Dereference in Linux

CWE-476 — NULL Pointer Dereference CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 97.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedOct 1

Description

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate the box size for the snooped cursor Invalid userspace dma surface copies could potentially overflow the memcpy from the surface to the snooped image leading to crashes. To fix it the dimensions of the copybox have to be validated against the expected size of the snooped cursor.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶NVDlinux/linux_kernel3.2 — 4.9.337+7

▶Debianlinux/linux_kernel< 5.10.178-1+3

▶CVEListV5linux/linux2ac863719e518ae1a8f328849e64ea26a222f079 — ee8d31836cbe7c26e207bfa0a4a726f0a25cfcf6+9

▶debiandebian/linux< linux 6.1.4-1 (bookworm)

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-rvwq-h638-7j7w: In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate the box size for the snooped cursor Invalid userspace dma s↗2025-10-01

▶

OSV

CVE-2022-50440: In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate the box size for the snooped cursor Invalid userspace dma sur↗2025-10-01

▶

📋Vendor Advisories

Red Hat

kernel: Linux kernel: Denial of Service in vmwgfx due to invalid DMA surface copies↗2025-10-01

▶

Debian

CVE-2022-50440: linux - In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx:...↗2022

▶