{
  "threat_severity" : "Low",
  "public_date" : "2025-12-09T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl()",
    "id" : "2420343",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2420343"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-771",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ndrm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl()\nIf the copy of the description string from userspace fails, then the page\nfor the instance descriptor doesn't get freed before returning -EFAULT,\nwhich leads to a memleak.", "A memory leak vulnerability was found in the VMware graphics driver (vmwgfx) in the Linux kernel. In vmw_mksstat_add_ioctl(), when copying the description string from userspace fails with -EFAULT, the allocated page for the instance descriptor is not freed. This leads to memory leakage that can cause resource exhaustion." ],
  "statement" : "This is a memory leak in the VMware graphics driver affecting systems running as VMware guests. The leak occurs only when copying data from userspace fails, which limits the attack surface to local users with graphics access.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-11-14T00:00:00Z",
    "advisory" : "RHSA-2023:7077",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-513.5.1.el8_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50667\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50667\nhttps://lore.kernel.org/linux-cve-announce/2025120945-CVE-2022-50667-01f6@gregkh/T" ],
  "name" : "CVE-2022-50667",
  "mitigation" : {
    "value" : "To mitigate this issue, prevent the vmwgfx module from being loaded. See https://access.redhat.com/solutions/41278 for instructions on how to blacklist a kernel module.",
    "lang" : "en:us"
  },
  "csaw" : false
}