Created attachment 388: poc

Description of problem:
There is a NULL pointer vulnerability in the vmwgfx driver.

Linux VMware guests have the device file /dev/dri/renderD128 (or Dxxx), which can be used to send ioctl()s to the VMware graphics driver, the [vmwgfx] module. On some distributions this device is readable and writable by unprivileged users.

Vulnerability location:
Drivers/gpu/vmxgfx/vmxgfx_execbuf.c, vmw_cmd_dx_define_query

Vulnerable code:
vmw_context_cotable(ctx_node->ctx, SVGA_COTABLE_DXQUERY);

ctx_node->ctx is a null pointer when uninitialized, which causes kernel crashes.

Version-Release number of selected component (if applicable):
5.13.0-53

How reproducible:
In the Linux environment of VMware, compile the poc file and execute it.

Steps to Reproduce:
gcc poc.c -o poc
./poc

Actual results:
DOS

Expected results:
DOS

=*=*=*=*=*=*=*=*= Credit =*=*=*=*=*=*=*=*=
ziming zhang (@ezrak1e) from Ant Group Light-Year Security Lab

Best Regards,
ziming
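As an added example (not part of the report or of this thread), a small POSIX shell audit that checks whether DRM render nodes such as /dev/dri/renderD128 are writable by users outside the owning group, which is the exposure condition the report points out. It assumes a Linux guest with GNU coreutils stat (-c '%a' / -c '%G') and the /dev/dri/renderD* naming; the mode and group values passed in the usage lines at the bottom are constructed samples, not readings from a real system.

```shell
#!/bin/sh
# Added example: audit DRM render nodes for write access by "other" users.
# Assumes Linux with GNU coreutils stat (-c '%a', -c '%G') and /dev/dri/renderD* naming.

# Return 0 (true) when the octal mode string grants "other" write access.
# Works on the last octal digit so "660", "0660" and "666" are handled alike.
render_node_world_writable() {
    mode=$1
    other=${mode#"${mode%?}"}   # last character = permission bits for "other"
    [ $(( other & 2 )) -ne 0 ]
}

# Classify a node from its mode and owning group; echoes one report line.
classify_render_node() {
    node=$1 mode=$2 group=$3
    if render_node_world_writable "$mode"; then
        echo "WARN $node mode=$mode group=$group: writable by any local user"
    else
        echo "ok   $node mode=$mode group=$group: write limited to owner/group"
    fi
}

# Walk the live system; does nothing when no render nodes exist.
audit_render_nodes() {
    for node in /dev/dri/renderD*; do
        [ -e "$node" ] || continue
        classify_render_node "$node" "$(stat -c '%a' "$node")" "$(stat -c '%G' "$node")"
    done
}

# Constructed sample values showing both outcomes, then the live check.
classify_render_node /dev/dri/renderD128 660 render
classify_render_node /dev/dri/renderD128 666 render
audit_render_nodes
```

A node reported as WARN lets any local account reach the driver's ioctl surface; restricting the node to the owning group (for example via the distribution's udev rule for the render node) removes that reach without changing the driver.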
The content of attachment 388 has been deleted.
Hi, this issue was assigned CVE-2022-38096 (I'm not the assigner, just a messenger). Has there been any progress on addressing this issue and/or has this issue been communicated to the upstream kernel developers? Thanks!
The PR Link: https://gitee.com/anolis/cloud-kernel/pulls/3040
(In reply to 小龙 from comment #3)
> The PR Link: https://gitee.com/anolis/cloud-kernel/pulls/3040

merged