What is CVE-2022-36402?

CVE-2022-36402 is a medium-severity vulnerability in Linux Kernel, classified under Incorrect Access of Indexable Resource ('Range Error'). CVSS score: 6.3/10. Published 2022-09-16.

How severe is CVE-2022-36402?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Vulnerability in Linux Kernel

CVE-2022-36402

An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on…

EPSS: 0.001 (16.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H.

Affected products

Linux Kernel — versions v4.3-rc1

Weakness classification (CWE)

CWE-118 — Incorrect Access of Indexable Resource ('Range Error')

References

bugzilla.openanolis.cn/show_bug.cgi (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-36402?: CVE-2022-36402 is a medium-severity vulnerability in Linux Kernel, classified under Incorrect Access of Indexable Resource ('Range Error'). CVSS score: 6.3/10. Published 2022-09-16.
How severe is CVE-2022-36402?: Medium severity. CVSS v3 base score is 6.3 out of 10.