CVE-2025-40277: High-Severity Red Hat Enterprise Linux vmwgfx Driver Flaw Allows Kernel Privilege Escalation
A high-severity integer overflow in the vmwgfx graphics driver shipped with Red Hat Enterprise Linux, found during Pwn2Own, lets a local, low-privileged user escalate to kernel privileges.

Red Hat has released a security update to address CVE-2025-40277, a high-severity integer overflow vulnerability in the vmwgfx graphics driver of Red Hat Enterprise Linux. vmwgfx is the Linux kernel's DRM driver for VMware's virtual GPU, so the code is reachable on RHEL systems running as VMware guests, where the module is loaded for the emulated SVGA adapter. The flaw was discovered and reported through the Pwn2Own hacking contest by researcher Pumpkin (@u1f383) of the DEVCORE Research Team.
The vulnerability resides in the `vmw_cmd_check` function, part of the driver's validation of command buffers submitted from user space. Because a user-controlled length field is not properly validated, the arithmetic that bounds the command can overflow before the driver writes to memory, turning a range check that should fail into one that passes. An attacker with a low-privileged local account and access to the driver's device node can exploit this to execute arbitrary code in the context of the kernel, effectively gaining full control of the system.
The vulnerability carries a CVSS score of 8.8, which falls in the High band; it is categorized as a local privilege escalation flaw. The attack vector is local, so the attacker must already hold some level of access, but the impact is severe: confidentiality, integrity, and availability are all rated high. The vulnerability affects multiple versions of Red Hat Enterprise Linux that ship the vmwgfx driver; systems where the module is never loaded (for example, physical hosts or guests on other hypervisors) do not expose the vulnerable code path.
Red Hat has issued a patch for CVE-2025-40277, and the advisory is available on the Red Hat security portal. Users are strongly advised to apply the update as soon as possible. The patch addresses the integer overflow by adding proper bounds checking in the affected code path, so that an oversized command is rejected before its length is used in an address calculation.
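The following is an added illustration of the bug class the article describes and of the kind of bounds check a fix adds; it is not vmwgfx code, not Red Hat's patch, and makes no claim about the exact arithmetic in `vmw_cmd_check`. The `cmd_header` layout, the `put_cmd` helper and the 32-byte buffer are constructed for the example. It shows a command-buffer walker whose 32-bit end-offset computation wraps when a user-supplied `size` is near `UINT32_MAX`, next to a version that rejects the same input using overflow-checked addition (`__builtin_add_overflow` in user space, the equivalent of the kernel's `check_add_overflow()`).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical command header, constructed for this example: `size` is
 * attacker-controlled, like the payload lengths a DRM driver reads out of a
 * user-submitted command buffer. Not the real vmwgfx/SVGA layout. */
struct cmd_header {
    uint32_t id;
    uint32_t size;      /* payload bytes that follow the header */
};

#define HDR_LEN ((uint32_t)sizeof(struct cmd_header))

enum { CMD_OK = 0, CMD_EINVAL = -1 };

/* Vulnerable pattern: the end offset is computed in 32 bits and wraps, so a
 * size near UINT32_MAX yields a small `end` that passes the bound check. */
int check_cmd_vulnerable(uint32_t offset, uint32_t size, uint32_t buf_len)
{
    uint32_t end = offset + HDR_LEN + size;   /* wraps modulo 2^32 */
    if (end > buf_len)
        return CMD_EINVAL;
    return CMD_OK;
}

/* Hardened pattern: every addition is overflow-checked before the sum is
 * trusted. A wrapped sum means the command is malformed and is rejected. */
int check_cmd_hardened(uint32_t offset, uint32_t size, uint32_t buf_len)
{
    uint32_t end;
    if (__builtin_add_overflow(offset, HDR_LEN, &end))
        return CMD_EINVAL;
    if (__builtin_add_overflow(end, size, &end))
        return CMD_EINVAL;
    if (end > buf_len)
        return CMD_EINVAL;
    return CMD_OK;
}

/* Writes a header into a caller-owned buffer (host byte order; test input only). */
void put_cmd(uint8_t *buf, uint32_t id, uint32_t size)
{
    struct cmd_header hdr = { .id = id, .size = size };
    memcpy(buf, &hdr, sizeof hdr);
}

/* Reads the header at `offset`, validates it with `check`, and on success
 * stores the offset of the next command in *next. Reading the header itself
 * is guarded with a subtraction so that step cannot wrap. */
int validate_at(const uint8_t *buf, uint32_t buf_len, uint32_t offset,
                int (*check)(uint32_t, uint32_t, uint32_t), uint32_t *next)
{
    struct cmd_header hdr;
    if (buf_len < HDR_LEN || offset > buf_len - HDR_LEN)
        return CMD_EINVAL;
    memcpy(&hdr, buf + offset, sizeof hdr);
    if (check(offset, hdr.size, buf_len) != CMD_OK)
        return CMD_EINVAL;
    /* With the vulnerable check this can wrap to 0: the walker restarts at the
     * buffer start while the driver believes it copied ~4 GiB of payload. */
    *next = offset + HDR_LEN + hdr.size;
    return CMD_OK;
}

int main(void)
{
    uint8_t buf[32] = {0};          /* constructed 32-byte command buffer */
    uint32_t next = 0;

    put_cmd(buf, 1, 0xFFFFFFF8u);   /* 0 + 8 + 0xFFFFFFF8 == 2^32, wraps to 0 */
    printf("vulnerable check: %s\n",
           validate_at(buf, sizeof buf, 0, check_cmd_vulnerable, &next) == CMD_OK
               ? "ACCEPTED (payload cannot fit in 32 bytes)" : "rejected");
    printf("hardened check:   %s\n",
           validate_at(buf, sizeof buf, 0, check_cmd_hardened, &next) == CMD_OK
               ? "accepted" : "rejected");

    put_cmd(buf, 2, 16);            /* legitimate command: 0 + 8 + 16 = 24 <= 32 */
    printf("benign command:   %s, next offset %u\n",
           validate_at(buf, sizeof buf, 0, check_cmd_hardened, &next) == CMD_OK
               ? "accepted" : "rejected", next);
    return 0;
}
```

The same defect appears whenever a bound check is written as `base + len > limit` on fixed-width integers; rewriting it as `len > limit - base` (after confirming `base <= limit`) or using checked addition removes the wrap without changing the accepted inputs.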
The vulnerability was privately reported to Red Hat on May 29, 2025, and publicly disclosed on March 30, 2026, after coordinated disclosure. The advisory from Zero Day Initiative (ZDI-26-232) provides additional technical details and credit to the researcher.
This finding highlights the ongoing risk in kernel-mode drivers: they run with full kernel privileges, so a memory-safety bug reachable through an ioctl from an unprivileged process is a direct privilege-escalation primitive. The Pwn2Own contest continues to surface such vulnerabilities and push fixes into enterprise distributions. Administrators of Red Hat Enterprise Linux systems, especially VMware guests where vmwgfx is loaded, should prioritize this update; where the driver is not needed, preventing the module from loading removes the attack surface until the patched kernel is in place.