CVE-2022-48771

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-48771
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48771.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-48771
Downstream
Related
Published
2024-06-20T11:13:45.896Z
Modified
2026-03-20T12:21:50.732350Z
Summary
drm/vmwgfx: Fix stale file descriptors on failed usercopy
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/vmwgfx: Fix stale file descriptors on failed usercopy

A failing usercopy of the fencerep object will lead to a stale entry in the file descriptor table as putunused_fd() won't release it. This enables userland to refer to a dangling 'file' object through that still valid file descriptor, leading to all kinds of use-after-free exploitation scenarios.

Fix this by deferring the call to fd_install() until after the usercopy has succeeded.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48771.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c906965dee22d5e95d0651759ba107b420212a9f
Fixed
e8d092a62449dcfc73517ca43963d2b8f44d0516
Fixed
0008a0c78fc33a84e2212a7c04e6b21a36ca6f4d
Fixed
84b1259fe36ae0915f3d6ddcea6377779de48b82
Fixed
ae2b20f27732fe92055d9e7b350abc5cdf3e2414
Fixed
6066977961fc6f437bc064f628cf9b0e4571c56c
Fixed
1d833b27fb708d6fdf5de9f6b3a8be4bd4321565
Fixed
a0f90c8815706981c483a652a6aefca51a5e191c

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48771.json"