Vulmon
Hi!
A vulnerability was found in the vmwgfx driver that allows unprivileged
users to gain access to files opened by other processes on the system
through a dangling 'file' pointer.
Exploiting this vulnerability requires an attacker to have access to
either /dev/dri/card0 or /dev/dri/rendererD128 and be able to issue an
ioctl() on the resulting file descriptor.
Linux kernels making use of the vmwgfx driver and containing commit
c906965dee22 ("drm/vmwgfx: Add export fence to file descriptor support")
are affected, which is v4.14+.
If the vmwgfx driver isn't loaded, your system isn't affected.
Systems using the VMWare graphics card emulated by QEMU (-vga vmware)
aren't affected either, as these lack a required feature that makes the
driver fail to load.
Attached are patches as have been sent to linux-distros on Jan. 21st.
They're against mainline Linux (0001-*.patch) or backports for all
affected kernels (backport-*.patch) respectively. They should soon be
merged into the corresponding Linux kernel trees.
CVE-2022-22942 was allocated for this issue.
Thanks,
Mathias