Linux Kernel VMWGFX DRM Subsystem Out-of-Bounds Access Vulnerability

Vulnerability

A vulnerability in the Linux kernel's VMWGFX Direct Rendering Manager (DRM) subsystem can lead to out-of-bounds accesses. This issue arises in the 'vmw_translate_ptr' functions, which improperly handle pointer translations. The vulnerability exists in several Linux kernel versions within the stable group.

Impact

The vulnerability can cause out-of-bounds accesses, potentially leading to memory corruption or unauthorized memory access.

Reproduction

The vulnerability can be reproduced by using the VMWGFX DRM subsystem in the Linux kernel. The 'vmw_translate_ptr' functions will return success even when they fail, due to an error in how pointer lookups are handled. This flaw can be triggered by scenarios that require translating memory object buffer pointers or guest pointers, which are common in graphics operations.
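The failure class described above, a translate function that reports success after its lookup failed, shown as an added example that is not the kernel's code or part of the original advisory. It is a user-space model: every name in it is hypothetical, the buffer table is constructed, and deriving the error from the result pointer (PTR_ERR style) is an assumed mechanism, since the advisory does not show the source.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical user-space model; none of these names are kernel code. */
struct buffer { uint32_t handle; size_t size; };
static struct buffer table[] = { { 1, 4096 }, { 2, 8192 } }; /* constructed data */

/* Lookup reports failure through its return code and leaves *out NULL. */
static int lookup_buffer(uint32_t handle, struct buffer **out)
{
    *out = NULL;
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++)
        if (table[i].handle == handle) {
            *out = &table[i];
            return 0;
        }
    return -ESRCH;
}

/* Flawed (assumed mechanism): the error is derived from the result pointer.
 * After a failed lookup the pointer is NULL, which converts to 0. */
int translate_ptr_flawed(uint32_t handle, struct buffer **out)
{
    if (lookup_buffer(handle, out) != 0)
        return (int)(intptr_t)*out;
    return 0;
}

/* Corrected: propagate the lookup's own error code. */
int translate_ptr_checked(uint32_t handle, struct buffer **out)
{
    return lookup_buffer(handle, out);
}

/* Caller-side check: never use a result that is NULL or too small. */
int validate_access(int ret, const struct buffer *buf, size_t offset)
{
    if (ret != 0) return ret;
    if (buf == NULL) return -EINVAL;
    return offset < buf->size ? 0 : -ERANGE;
}

int main(void)
{
    struct buffer *b;
    printf("flawed=%d checked=%d\n", translate_ptr_flawed(99, &b), translate_ptr_checked(99, &b));
    return 0;
}
```

The flawed variant returns 0 for an unknown handle while leaving the result pointer NULL, so a caller that trusts the return code goes on to use a buffer that was never found.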

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. The specific commit that addresses this issue is '5023ca80f9589295cb60735016e39fc5cc714243', which is available in the Linux kernel Git repository.

Added: Mar 25, 2026, 12:50 PM
Updated: Mar 25, 2026, 12:50 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 3.8
exploitability: 3.9
remediation: 7.7
relevance: 4.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.