oss-sec mailing list archives
Re: CVE-2022-22942: Linux kernel: wrong file descriptor handling in the vmwgfx driver
From: Mathias Krause <minipli () grsecurity net>
Date: Thu, 27 Jan 2022 23:20:48 +0100
Am 27.01.22 um 21:00 schrieb Mathias Krause:
Exploiting this vulnerability requires an attacker to have access to either /dev/dri/card0 or /dev/dri/rendererD128 and be able to issue an ioctl() on the resulting file descriptor.
Forgot to mention, as per linux-distros' list policy, an exploit for the vulnerability will be provided in 7 days, as one has been shared with the linux-distros before. Meanwhile the patch was merged into Linux mainline: https://git.kernel.org/linus/a0f90c881570 Thanks, Mathias
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
Current thread:
- CVE-2022-22942: Linux kernel: wrong file descriptor handling in the vmwgfx driver Mathias Krause (Jan 27)
- Re: CVE-2022-22942: Linux kernel: wrong file descriptor handling in the vmwgfx driver Mathias Krause (Jan 27)
- Re: CVE-2022-22942: Linux kernel: wrong file descriptor handling in the vmwgfx driver Mathias Krause (Feb 03)
- Re: CVE-2022-22942: Linux kernel: wrong file descriptor handling in the vmwgfx driver Mathias Krause (Jan 27)