{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T04:40:56.160","vulnerabilities":[{"cve":{"id":"CVE-2022-48771","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-06-20T12:15:15.043","lastModified":"2025-01-06T21:41:47.617","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix stale file descriptors on failed usercopy\n\nA failing usercopy of the fence_rep object will lead to a stale entry in\nthe file descriptor table as put_unused_fd() won't release it. This\nenables userland to refer to a dangling 'file' object through that still\nvalid file descriptor, leading to all kinds of use-after-free\nexploitation scenarios.\n\nFix this by deferring the call to fd_install() until after the usercopy\nhas succeeded."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/vmwgfx: corrige descriptores de archivos obsoletos en una copia de usuario fallida. Una copia de usuario fallida del objeto valla_rep generará una entrada obsoleta en la tabla de descriptores de archivos, ya que put_unused_fd() no lo liberará. Esto permite al usuario hacer referencia a un objeto 'archivo' pendiente a través de ese descriptor de archivo aún válido, lo que lleva a todo tipo de escenarios de explotación de use-after-free. Solucione este problema posponiendo la llamada a fd_install() hasta que la copia del usuario se haya realizado correctamente."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"4.14.264","matchCriteriaId":"230007AB-5013-4A44-A8FD-13A8239FD09A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"4.19.227","matchCriteriaId":"6C0D30D6-E8EC-41F5-BF1A-3CCB1034752B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.4.175","matchCriteriaId":"46470E09-F127-47BD-AE84-51EF5A1E7667"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.95","matchCriteriaId":"5A304480-62CF-4C12-B158-E4701C3527C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.18","matchCriteriaId":"B82C4819-4E4F-41A7-99A9-0BDCC5144108"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"5.16.4","matchCriteriaId":"DFD4BEA8-F0A8-4843-B31D-5B8954360C18"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*","matchCriteriaId":"7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0008a0c78fc33a84e2212a7c04e6b21a36ca6f4d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1d833b27fb708d6fdf5de9f6b3a8be4bd4321565","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6066977961fc6f437bc064f628cf9b0e4571c56c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/84b1259fe36ae0915f3d6ddcea6377779de48b82","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a0f90c8815706981c483a652a6aefca51a5e191c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ae2b20f27732fe92055d9e7b350abc5cdf3e2414","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e8d092a62449dcfc73517ca43963d2b8f44d0516","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0008a0c78fc33a84e2212a7c04e6b21a36ca6f4d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1d833b27fb708d6fdf5de9f6b3a8be4bd4321565","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6066977961fc6f437bc064f628cf9b0e4571c56c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/84b1259fe36ae0915f3d6ddcea6377779de48b82","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a0f90c8815706981c483a652a6aefca51a5e191c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ae2b20f27732fe92055d9e7b350abc5cdf3e2414","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e8d092a62449dcfc73517ca43963d2b8f44d0516","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}}]}