{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50440","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-09-17T14:53:07.010Z","datePublished":"2025-10-01T11:42:16.567Z","dateUpdated":"2026-05-11T19:19:32.240Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:19:32.240Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Validate the box size for the snooped cursor\n\nInvalid userspace dma surface copies could potentially overflow\nthe memcpy from the surface to the snooped image leading to crashes.\nTo fix it the dimensions of the copybox have to be validated\nagainst the expected size of the snooped cursor."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/vmwgfx/vmwgfx_kms.c"],"versions":[{"version":"2ac863719e518ae1a8f328849e64ea26a222f079","lessThan":"ee8d31836cbe7c26e207bfa0a4a726f0a25cfcf6","status":"affected","versionType":"git"},{"version":"2ac863719e518ae1a8f328849e64ea26a222f079","lessThan":"50d177f90b63ea4138560e500d92be5e4c928186","status":"affected","versionType":"git"},{"version":"2ac863719e518ae1a8f328849e64ea26a222f079","lessThan":"6b4e70a428b5a11f56db94047b68e144529fe512","status":"affected","versionType":"git"},{"version":"2ac863719e518ae1a8f328849e64ea26a222f079","lessThan":"94b283341f9f3f0ed56a360533766377a01540e0","status":"affected","versionType":"git"},{"version":"2ac863719e518ae1a8f328849e64ea26a222f079","lessThan":"439cbbc1519547f9a7b483f0de33b556ebfec901","status":"affected","versionType":"git"},{"version":"2ac863719e518ae1a8f328849e64ea26a222f079","lessThan":"6948e570f54f2044dd4da444b10471373a047eeb","status":"affected","versionType":"git"},{"version":"2ac863719e518ae1a8f328849e64ea26a222f079","lessThan":"4d54d11b49860686331c58a00f733b16a93edfc4","status":"affected","versionType":"git"},{"version":"2ac863719e518ae1a8f328849e64ea26a222f079","lessThan":"622d527decaac0eb65512acada935a0fdc1d0202","status":"affected","versionType":"git"},{"version":"2ac863719e518ae1a8f328849e64ea26a222f079","lessThan":"4cf949c7fafe21e085a4ee386bb2dade9067316e","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/vmwgfx/vmwgfx_kms.c"],"versions":[{"version":"3.2","status":"affected"},{"version":"0","lessThan":"3.2","status":"unaffected","versionType":"semver"},{"version":"4.9.337","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.303","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.270","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.229","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.163","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.87","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.0.18","lessThanOrEqual":"6.0.*","status":"unaffected","versionType":"semver"},{"version":"6.1.4","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"4.9.337"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"4.14.303"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"4.19.270"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"5.4.229"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"5.10.163"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"5.15.87"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"6.0.18"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"6.1.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"6.2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/ee8d31836cbe7c26e207bfa0a4a726f0a25cfcf6"},{"url":"https://git.kernel.org/stable/c/50d177f90b63ea4138560e500d92be5e4c928186"},{"url":"https://git.kernel.org/stable/c/6b4e70a428b5a11f56db94047b68e144529fe512"},{"url":"https://git.kernel.org/stable/c/94b283341f9f3f0ed56a360533766377a01540e0"},{"url":"https://git.kernel.org/stable/c/439cbbc1519547f9a7b483f0de33b556ebfec901"},{"url":"https://git.kernel.org/stable/c/6948e570f54f2044dd4da444b10471373a047eeb"},{"url":"https://git.kernel.org/stable/c/4d54d11b49860686331c58a00f733b16a93edfc4"},{"url":"https://git.kernel.org/stable/c/622d527decaac0eb65512acada935a0fdc1d0202"},{"url":"https://git.kernel.org/stable/c/4cf949c7fafe21e085a4ee386bb2dade9067316e"}],"title":"drm/vmwgfx: Validate the box size for the snooped cursor","x_generator":{"engine":"bippy-1.2.0"}}}}