Medium severity6.3NVD Advisory· Published Sep 9, 2022· Updated May 12, 2026

CVE-2022-38096

Description

A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).

Affected products

Linux/Kernel2 versions
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=4.20
- (no CPE)range: v4.20-rc1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.openanolis.cn/show_bug.cginvdIssue TrackingPermissions Required
cert-portal.siemens.com/productcert/html/ssa-265688.htmlnvd
lists.debian.org/debian-lts-announce/2024/06/msg00017.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.410
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000