{ "threat_severity" : "Moderate", "public_date" : "2025-10-01T00:00:00Z", "bugzilla" : { "description" : "kernel: Linux kernel: Denial of Service in vmwgfx due to invalid DMA surface copies", "id" : "2400740", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2400740" }, "cvss3" : { "cvss3_base_score" : "5.8", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", "status" : "verified" }, "cwe" : "CWE-119", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ndrm/vmwgfx: Validate the box size for the snooped cursor\nInvalid userspace dma surface copies could potentially overflow\nthe memcpy from the surface to the snooped image leading to crashes.\nTo fix it the dimensions of the copybox have to be validated\nagainst the expected size of the snooped cursor.", "A flaw was discovered in the Linux kernel’s DRM vmwgfx driver related to how cursor images are snooped and copied. When the dimensions of a DMA surface copybox were derived from untrusted userspace data without proper validation against the expected snooped cursor size, an invalid size could cause an oversized memcpy operation. This may lead to a buffer overflow condition and crash the kernel when rendering or handling VMware graphics cursor updates." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-11-14T00:00:00Z", "advisory" : "RHSA-2023:7077", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-513.5.1.el8_9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50440\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50440\nhttps://lore.kernel.org/linux-cve-announce/2025100101-CVE-2022-50440-1afd@gregkh/T" ], "name" : "CVE-2022-50440", "mitigation" : { "value" : "To mitigate this issue, prevent the `vmwgfx` kernel module from loading. This is suitable for systems not running as VMware guests or not requiring VMware graphics.\n1. Create `/etc/modprobe.d/blacklist-vmwgfx.conf` with:\n```\nblacklist vmwgfx\ninstall vmwgfx /bin/true\n```\n2. Regenerate the initramfs:\nFor RHEL 7: `dracut -f -v`\nFor RHEL 8/9: `dracut -f --regenerate-all`\n3. Reboot the system.\nThis may impact graphical functionality if VMware graphics are required.", "lang" : "en:us" }, "csaw" : false }