'[oss-security] Re: CVE-2022-22942: Linux kernel: wrong file descriptor handling in the vmwgfx driver'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: CVE-2022-22942: Linux kernel: wrong file descriptor handling in the vmwgfx driver
From:       Mathias Krause <minipli () grsecurity ! net>
Date:       2022-01-27 22:20:48
Message-ID: 77daef92-54bb-4c5c-cea2-c489e46d9027 () grsecurity ! net
[Download RAW message or body]

[Attachment #2 (multipart/mixed)]

Am 27.01.22 um 21:00 schrieb Mathias Krause:
> Exploiting this vulnerability requires an attacker to have access to
> either /dev/dri/card0 or /dev/dri/rendererD128 and be able to issue an
> ioctl() on the resulting file descriptor.

Forgot to mention, as per linux-distros' list policy, an exploit for the
vulnerability will be provided in 7 days, as one has been shared with
the linux-distros before.

Meanwhile the patch was merged into Linux mainline:
https://git.kernel.org/linus/a0f90c881570

Thanks,
Mathias

["OpenPGP_signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic