[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Re: CVE-2022-22942: Linux kernel: wrong file descriptor handling in the vmwgfx driver
From: Mathias Krause <minipli () grsecurity ! net>
Date: 2022-01-27 22:20:48
Message-ID: 77daef92-54bb-4c5c-cea2-c489e46d9027 () grsecurity ! net
[Download RAW message or body]
[Attachment #2 (multipart/mixed)]
Am 27.01.22 um 21:00 schrieb Mathias Krause:
> Exploiting this vulnerability requires an attacker to have access to
> either /dev/dri/card0 or /dev/dri/rendererD128 and be able to issue an
> ioctl() on the resulting file descriptor.
Forgot to mention, as per linux-distros' list policy, an exploit for the
vulnerability will be provided in 7 days, as one has been shared with
the linux-distros before.
Meanwhile the patch was merged into Linux mainline:
https://git.kernel.org/linus/a0f90c881570
Thanks,
Mathias
["OpenPGP_signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic