PatchSiren cyber security CVE debrief
CVE-2022-38096 Linux CVE debrief
CVE-2022-38096 is a Linux kernel vmwgfx NULL pointer dereference issue. The NVD record identifies affected Linux kernel versions starting at 4.20 and rates the issue CVSS 3.1 6.3 MEDIUM (AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H). In practical terms, a local attacker with an account and user interaction could trigger a kernel fault that may lead to denial of service, with the record also noting low integrity impact.
- Vendor: Linux
- Product: CVE-2022-38096
- CVSS: MEDIUM 6.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2022-09-09
- Original CVE updated: 2026-05-12
- Advisory published: 2022-09-09
- Advisory updated: 2026-05-12
Who should care
Linux system administrators, distro maintainers, virtualization and desktop platform owners, and incident responders should care most, especially where multi-user access is allowed and kernel updates are centrally managed.
Technical summary
The official NVD metadata ties CVE-2022-38096 to CWE-476 (NULL Pointer Dereference) and lists the vulnerable CPE as linux_kernel with versionStartIncluding 4.20. The supplied description places the flaw in the vmwgfx driver path under drivers/gpu/vmxgfx/vmxgfx_execbuf.c and says a local attacker with a user account can trigger the issue. The source metadata also links official/public references from OpenAnolis Bugzilla, Debian LTS, and Siemens ProductCERT, but no fixed version is provided in the supplied corpus.
Defensive priority
Medium. Prioritize this as a routine but important kernel patching item for systems running affected Linux kernels, especially fleets that allow local user access and depend on stable kernel availability.
Recommended defensive actions
- Inventory Linux systems running kernel versions at or above 4.20 and compare them against your distribution's backport status.
- Apply vendor kernel updates that include the vmwgfx fix; use distro security notices or vendor advisories to confirm the patched build.
- Restrict unnecessary local account access and review multi-user exposure: the description requires a local user account, and the NVD vector requires low privileges (PR:L) and user interaction (UI:R).
- Monitor for kernel crashes, oops messages, or unexpected reboots that mention vmwgfx or vmxgfx_execbuf paths.
- After patching, validate that the updated kernel boots and that graphics/virtualization workloads behave normally.
- Track vendor advisories referenced in the record, including Debian LTS, OpenAnolis Bugzilla, and Siemens ProductCERT, for package-specific remediation guidance.
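As an added illustration of the inventory and monitoring steps above (not part of the PatchSiren debrief), the Python below filters `uname -r` strings against the NVD 4.20 threshold and flags crash reports in kernel log lines that cite vmwgfx or vmxgfx_execbuf; the sample log lines and the symbol offsets in them are constructed, and a kernel in the version range may already carry a distro backport.

```python
import re

AFFECTED_FROM = (4, 20)  # NVD versionStartIncluding quoted in the debrief

# Crash signatures and driver names to look for in kernel log lines.
_CRASH_RE = re.compile(r"NULL pointer dereference|BUG:|Oops|general protection fault", re.I)
_VMWGFX_RE = re.compile(r"vmwgfx|vmxgfx|vmw_execbuf", re.I)


def kernel_release_tuple(release: str) -> tuple:
    """'5.15.0-91-generic' -> (5, 15, 0); the distro suffix is ignored."""
    core = release.split("-", 1)[0]
    parts = [int(p) for p in core.split(".")[:3] if p.isdigit()]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def kernel_in_affected_range(release: str) -> bool:
    """True at or above upstream 4.20. Distro backports may already fix it,
    so treat this as an inventory filter, not proof of exposure."""
    return kernel_release_tuple(release)[:2] >= AFFECTED_FROM


def find_vmwgfx_crashes(log_lines: list, window: int = 8) -> list:
    """Indexes of crash-signature lines with a vmwgfx mention within the
    next `window` lines (an oops spreads the driver name over several lines)."""
    hits = []
    for i, line in enumerate(log_lines):
        if _CRASH_RE.search(line):
            nearby = log_lines[i : i + window + 1]
            if any(_VMWGFX_RE.search(ln) for ln in nearby):
                hits.append(i)
    return hits


# Constructed sample log: one vmwgfx oops, then an unrelated warning.
SAMPLE_LOG = [
    "kernel: usb 1-1: new high-speed USB device number 2",
    "kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000",
    "kernel: #PF: supervisor read access in kernel mode",
    "kernel: RIP: 0010:vmw_execbuf_process+0x2d1/0x8c0 [vmwgfx]",
    "kernel: Call Trace:",
    "kernel:  vmw_execbuf_ioctl+0xd7/0x140 [vmwgfx]",
    "kernel: WARNING: CPU: 1 PID: 42 at net/core/dev.c:123 (unrelated)",
]

if __name__ == "__main__":
    for rel in ("4.19.0-18-amd64", "5.15.0-91-generic"):
        print(rel, "in affected range:", kernel_in_affected_range(rel))
    print("vmwgfx crash lines:", find_vmwgfx_crashes(SAMPLE_LOG))
```

Feed `journalctl -k` or `dmesg` output into `find_vmwgfx_crashes` line by line; a non-empty result is a signal to pull the full oops for review, not a confirmation of this CVE.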
Evidence notes
The supplied official metadata shows CVE-2022-38096 as a Linux kernel issue with CWE-476 and CVSS 3.1 vector AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H. It also lists a vulnerable Linux kernel CPE beginning at 4.20 and references public advisories from OpenAnolis Bugzilla, Debian LTS, and Siemens ProductCERT. This debrief stays within that corpus and does not infer a fixed build or exploit details beyond the provided data.
Official resources
- CVE-2022-38096 CVE record (CVE.org)
- CVE-2022-38096 NVD detail (NVD)
Publicly disclosed in the CVE/NVD record on 2022-09-09; NVD metadata was last modified on 2026-05-12.