PatchSiren

PatchSiren cyber security CVE debrief

CVE-2022-38096 Linux CVE debrief

CVE-2022-38096 is a Linux kernel vmwgfx NULL pointer dereference issue. The NVD record identifies affected Linux kernel versions starting at 4.20 and rates the issue CVSS 3.1 6.3 MEDIUM (AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H). In practical terms, a local attacker with an account and user interaction could trigger a kernel fault that may lead to denial of service, with the record also noting low integrity impact.

Vendor: Linux
Product: Unknown
CVSS: MEDIUM 6.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

Linux system administrators, distro maintainers, virtualization and desktop platform owners, and incident responders should care most, especially where multi-user access is allowed and kernel updates are centrally managed.

Technical summary

The official NVD metadata ties CVE-2022-38096 to CWE-476 (NULL Pointer Dereference) and lists the vulnerable CPE as linux_kernel with versionStartIncluding 4.20. The supplied description places the flaw in the vmwgfx driver path under drivers/gpu/vmxgfx/vmxgfx_execbuf.c and says a local attacker with a user account can trigger the issue. The source metadata also links official/public references from OpenAnolis Bugzilla, Debian LTS, and Siemens ProductCERT, but no fixed version is provided in the supplied corpus.

Defensive priority

Medium. Prioritize this as a routine but important kernel patching item for systems running affected Linux kernels, especially fleets that allow local user access and depend on stable kernel availability.

Recommended defensive actions

  • Inventory Linux systems running kernel versions at or above 4.20 and compare them against your distribution's backport status.
  • Apply vendor kernel updates that include the vmwgfx fix; use distro security notices or vendor advisories to confirm the patched build.
  • Restrict unnecessary local account access and review multi-user exposure, since the NVD vector requires low privileges (PR:L) and user interaction (UI:R).
  • Monitor for kernel crashes, oops messages, or unexpected reboots that mention vmwgfx or vmxgfx_execbuf paths.
  • After patching, validate that the updated kernel boots and that graphics/virtualization workloads behave normally.
  • Track vendor advisories referenced in the record, including Debian LTS, OpenAnolis Bugzilla, and Siemens ProductCERT, for package-specific remediation guidance.
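Two small helpers for the inventory and monitoring items above, added here as an illustration and not part of the PatchSiren record or any vendor tooling: one compares a kernel release string against the 4.20 lower bound from the NVD CPE, the other scans a kernel log for an oops that lands in the vmwgfx driver. The sample log lines, the symbol name and the offsets in them are constructed, and the 40-line window is an assumed heuristic.

```shell
#!/bin/sh
# Added example, not PatchSiren's code: two helpers for the inventory and
# monitoring items in the list above. Assumes only uname(1), cut, sed, awk.

# Return 0 when a kernel release string such as "5.15.0-91-generic" is at or
# above 4.20, the versionStartIncluding bound in the NVD CPE for this CVE.
kernel_at_least_4_20() {
    major=$(printf '%s\n' "$1" | cut -d. -f1)
    minor=$(printf '%s\n' "$1" | cut -d. -f2 | sed 's/[^0-9].*//')
    case "$major$minor" in *[!0-9]*|'') return 2 ;; esac   # not a version
    [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 20 ]; }
}

# Scan a kernel log (argument) for an oops that lands in the vmwgfx driver:
# after a NULL-dereference/Oops header, look at the next 40 lines for the
# driver's module name or its vmw_ symbol prefix, and print "header | hit".
# A vmwgfx line seen outside such a window is ordinary driver chatter.
vmwgfx_oops_lines() {
    printf '%s\n' "$1" | awk '
        /BUG: kernel NULL pointer dereference|Oops:/ { hdr = $0; window = 40; next }
        window > 0 {
            window--
            if ($0 ~ /vmwgfx|vmxgfx|vmw_/) { print hdr " | " $0; window = 0 }
        }'
}

# Convenience wrapper with a shell exit status (0 = at least one hit).
vmwgfx_oops_found() {
    [ -n "$(vmwgfx_oops_lines "$1")" ]
}

# Constructed sample dmesg excerpt; the symbol name and offsets are made up.
SAMPLE_LOG='[  812.101] vmwgfx 0000:00:0f.0: [drm] Available shader model: SM5.
[  812.340] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  812.341] #PF: supervisor read access in kernel mode
[  812.342] RIP: 0010:vmw_execbuf_process+0x1a2/0x9c0 [vmwgfx]
[  812.343] Call Trace:'

# Constructed oops from an unrelated module: must not be attributed to vmwgfx.
OTHER_LOG='[   11.0] BUG: kernel NULL pointer dereference, address: 0000000000000008
[   11.1] RIP: 0010:placeholder_other_fn+0x10/0x20 [placeholder_mod]'

# Stand-alone run: live kernel version check, then the constructed log demo.
if kernel_at_least_4_20 "$(uname -r)"; then
    echo "kernel $(uname -r) is in the affected range (>= 4.20); check your distro's backport status"
fi
vmwgfx_oops_lines "$SAMPLE_LOG"
```

On a real host, feed `dmesg` or `journalctl -k` output to `vmwgfx_oops_lines` instead of the constructed sample.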

Evidence notes

The supplied official metadata shows CVE-2022-38096 as a Linux kernel issue with CWE-476 and CVSS 3.1 vector AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H. It also lists a vulnerable Linux kernel CPE beginning at 4.20 and references public advisories from OpenAnolis Bugzilla, Debian LTS, and Siemens ProductCERT. This debrief stays within that corpus and does not infer a fixed build or exploit details beyond the provided data.

Official resources

Publicly disclosed in the CVE/NVD record on 2022-09-09; NVD metadata was last modified on 2026-05-12.