{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-48771","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-06-20T11:09:39.061Z","datePublished":"2024-06-20T11:13:45.896Z","dateUpdated":"2025-05-04T08:22:43.964Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:22:43.964Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix stale file descriptors on failed usercopy\n\nA failing usercopy of the fence_rep object will lead to a stale entry in\nthe file descriptor table as put_unused_fd() won't release it. This\nenables userland to refer to a dangling 'file' object through that still\nvalid file descriptor, leading to all kinds of use-after-free\nexploitation scenarios.\n\nFix this by deferring the call to fd_install() until after the usercopy\nhas succeeded."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/vmwgfx/vmwgfx_drv.h","drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c","drivers/gpu/drm/vmwgfx/vmwgfx_fence.c","drivers/gpu/drm/vmwgfx/vmwgfx_kms.c"],"versions":[{"version":"c906965dee22d5e95d0651759ba107b420212a9f","lessThan":"e8d092a62449dcfc73517ca43963d2b8f44d0516","status":"affected","versionType":"git"},{"version":"c906965dee22d5e95d0651759ba107b420212a9f","lessThan":"0008a0c78fc33a84e2212a7c04e6b21a36ca6f4d","status":"affected","versionType":"git"},{"version":"c906965dee22d5e95d0651759ba107b420212a9f","lessThan":"84b1259fe36ae0915f3d6ddcea6377779de48b82","status":"affected","versionType":"git"},{"version":"c906965dee22d5e95d0651759ba107b420212a9f","lessThan":"ae2b20f27732fe92055d9e7b350abc5cdf3e2414","status":"affected","versionType":"git"},{"version":"c906965dee22d5e95d0651759ba107b420212a9f","lessThan":"6066977961fc6f437bc064f628cf9b0e4571c56c","status":"affected","versionType":"git"},{"version":"c906965dee22d5e95d0651759ba107b420212a9f","lessThan":"1d833b27fb708d6fdf5de9f6b3a8be4bd4321565","status":"affected","versionType":"git"},{"version":"c906965dee22d5e95d0651759ba107b420212a9f","lessThan":"a0f90c8815706981c483a652a6aefca51a5e191c","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/vmwgfx/vmwgfx_drv.h","drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c","drivers/gpu/drm/vmwgfx/vmwgfx_fence.c","drivers/gpu/drm/vmwgfx/vmwgfx_kms.c"],"versions":[{"version":"4.14","status":"affected"},{"version":"0","lessThan":"4.14","status":"unaffected","versionType":"semver"},{"version":"4.14.264","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.227","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.175","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.95","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.18","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.16.4","lessThanOrEqual":"5.16.*","status":"unaffected","versionType":"semver"},{"version":"5.17","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"4.14.264"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"4.19.227"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"5.4.175"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"5.10.95"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"5.15.18"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"5.16.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"5.17"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/e8d092a62449dcfc73517ca43963d2b8f44d0516"},{"url":"https://git.kernel.org/stable/c/0008a0c78fc33a84e2212a7c04e6b21a36ca6f4d"},{"url":"https://git.kernel.org/stable/c/84b1259fe36ae0915f3d6ddcea6377779de48b82"},{"url":"https://git.kernel.org/stable/c/ae2b20f27732fe92055d9e7b350abc5cdf3e2414"},{"url":"https://git.kernel.org/stable/c/6066977961fc6f437bc064f628cf9b0e4571c56c"},{"url":"https://git.kernel.org/stable/c/1d833b27fb708d6fdf5de9f6b3a8be4bd4321565"},{"url":"https://git.kernel.org/stable/c/a0f90c8815706981c483a652a6aefca51a5e191c"}],"title":"drm/vmwgfx: Fix stale file descriptors on failed usercopy","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T15:25:00.306Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/e8d092a62449dcfc73517ca43963d2b8f44d0516","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/0008a0c78fc33a84e2212a7c04e6b21a36ca6f4d","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/84b1259fe36ae0915f3d6ddcea6377779de48b82","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/ae2b20f27732fe92055d9e7b350abc5cdf3e2414","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/6066977961fc6f437bc064f628cf9b0e4571c56c","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/1d833b27fb708d6fdf5de9f6b3a8be4bd4321565","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/a0f90c8815706981c483a652a6aefca51a5e191c","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2022-48771","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T17:09:57.107831Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:34:46.747Z"}}]}}