{"id":"CVE-2022-36280","details":"An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).","modified":"2026-03-13T05:55:42.399740Z","published":"2022-09-09T15:15:10.497Z","related":["MGASA-2023-0007","MGASA-2023-0008","SUSE-SU-2023:0485-1","SUSE-SU-2023:0488-1","SUSE-SU-2023:0618-1","SUSE-SU-2023:0634-1","SUSE-SU-2023:0767-1","SUSE-SU-2023:0768-1","SUSE-SU-2023:0774-1","SUSE-SU-2023:0778-1","SUSE-SU-2023:0779-1","SUSE-SU-2023:0780-1","SUSE-SU-2023:0852-1","SUSE-SU-2023:1608-1","SUSE-SU-2023:1710-1","SUSE-SU-2023:2646-1","SUSE-SU-2023:2809-1","SUSE-SU-2023:2871-1","SUSE-SU-2025:0201-1","SUSE-SU-2025:0201-2","SUSE-SU-2025:0229-1","SUSE-SU-2025:03613-1","SUSE-SU-2025:03614-1","SUSE-SU-2025:03615-1","SUSE-SU-2025:03626-1","SUSE-SU-2025:03628-1","SUSE-SU-2025:3716-1","SUSE-SU-2025:3761-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5324"},{"type":"REPORT","url":"https://bugzilla.openanolis.cn/show_bug.cgi?id=2071"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"3.2"},{"last_affected":"5.13.0-52"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-36280.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}