| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025100101-CVE-2022-50440-1afd@gregkh> Date: Wed, 1 Oct 2025 13:42:13 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50440: drm/vmwgfx: Validate the box size for the snooped cursor From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate the box size for the snooped cursor Invalid userspace dma surface copies could potentially overflow the memcpy from the surface to the snooped image leading to crashes. To fix it the dimensions of the copybox have to be validated against the expected size of the snooped cursor. The Linux kernel CVE team has assigned CVE-2022-50440 to this issue. Affected and fixed versions =========================== Issue introduced in 3.2 with commit 2ac863719e518ae1a8f328849e64ea26a222f079 and fixed in 4.9.337 with commit ee8d31836cbe7c26e207bfa0a4a726f0a25cfcf6 Issue introduced in 3.2 with commit 2ac863719e518ae1a8f328849e64ea26a222f079 and fixed in 4.14.303 with commit 50d177f90b63ea4138560e500d92be5e4c928186 Issue introduced in 3.2 with commit 2ac863719e518ae1a8f328849e64ea26a222f079 and fixed in 4.19.270 with commit 6b4e70a428b5a11f56db94047b68e144529fe512 Issue introduced in 3.2 with commit 2ac863719e518ae1a8f328849e64ea26a222f079 and fixed in 5.4.229 with commit 94b283341f9f3f0ed56a360533766377a01540e0 Issue introduced in 3.2 with commit 2ac863719e518ae1a8f328849e64ea26a222f079 and fixed in 5.10.163 with commit 439cbbc1519547f9a7b483f0de33b556ebfec901 Issue introduced in 3.2 with commit 2ac863719e518ae1a8f328849e64ea26a222f079 and fixed in 5.15.87 with commit 6948e570f54f2044dd4da444b10471373a047eeb Issue introduced in 3.2 with commit 2ac863719e518ae1a8f328849e64ea26a222f079 and fixed in 6.0.18 with commit 4d54d11b49860686331c58a00f733b16a93edfc4 Issue introduced in 3.2 with commit 2ac863719e518ae1a8f328849e64ea26a222f079 and fixed in 6.1.4 with commit 622d527decaac0eb65512acada935a0fdc1d0202 Issue introduced in 3.2 with commit 2ac863719e518ae1a8f328849e64ea26a222f079 and fixed in 6.2 with commit 4cf949c7fafe21e085a4ee386bb2dade9067316e Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50440 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/vmwgfx/vmwgfx_kms.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/ee8d31836cbe7c26e207bfa0a4a726f0a25cfcf6 https://git.kernel.org/stable/c/50d177f90b63ea4138560e500d92be5e4c928186 https://git.kernel.org/stable/c/6b4e70a428b5a11f56db94047b68e144529fe512 https://git.kernel.org/stable/c/94b283341f9f3f0ed56a360533766377a01540e0 https://git.kernel.org/stable/c/439cbbc1519547f9a7b483f0de33b556ebfec901 https://git.kernel.org/stable/c/6948e570f54f2044dd4da444b10471373a047eeb https://git.kernel.org/stable/c/4d54d11b49860686331c58a00f733b16a93edfc4 https://git.kernel.org/stable/c/622d527decaac0eb65512acada935a0fdc1d0202 https://git.kernel.org/stable/c/4cf949c7fafe21e085a4ee386bb2dade9067316e
Powered by blists - more mailing lists