Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:

drm/vmwgfx: Validate the box size for the snooped cursor

Invalid userspace dma surface copies could potentially overflow the memcpy from the surface to the snooped image leading to crashes. To fix it the dimensions of the copybox have to be validated against the expected size of the snooped cursor.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 3.2, < 4.9.337 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/439cbbc1519547f9a7b483f0de33b556ebfec901 (Patch)
- https://git.kernel.org/stable/c/4cf949c7fafe21e085a4ee386bb2dade9067316e (Patch)
- https://git.kernel.org/stable/c/4d54d11b49860686331c58a00f733b16a93edfc4 (Patch)
- https://git.kernel.org/stable/c/50d177f90b63ea4138560e500d92be5e4c928186 (Patch)
- https://git.kernel.org/stable/c/622d527decaac0eb65512acada935a0fdc1d0202 (Patch)
- https://git.kernel.org/stable/c/6948e570f54f2044dd4da444b10471373a047eeb (Patch)
- https://git.kernel.org/stable/c/6b4e70a428b5a11f56db94047b68e144529fe512 (Patch)
- https://git.kernel.org/stable/c/94b283341f9f3f0ed56a360533766377a01540e0 (Patch)
- https://git.kernel.org/stable/c/ee8d31836cbe7c26e207bfa0a4a726f0a25cfcf6 (Patch)
FAQ
What is CVE-2022-50440?
CVE-2022-50440 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate the box size for the snooped cursor Invalid userspace dma surface copies could potentially overflow the memcp...
How severe is CVE-2022-50440?
CVE-2022-50440 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-50440?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.