Stefan Hoffmeister

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.7.0-rc3-vmwgfx **Description** The vulnerability is related to the drm/vmwgfx module in the Linux kernel. It occurs when switching to a new plane state, which requires unreferencing all held surfaces. However, the variable indicating whether the surface is currently mapped was not being reset, leading to crashes. This happens because after unreferencing the surface, it's possible for the plane to be backed by a buffer object (bo) instead of a surface. The issue is fixed by resetting the surface mapped flag when unreferencing the plane state surface, which prevents null dereferences in cleanup. The vulnerability affects KDE KWin 6.0 on Wayland. **Recommendations** To resolve the issue, update the Linux kernel to a version that includes the fix, which is version 6.7.0-rc3-vmwgfx or later. If updating is not possible, consider temporarily disabling the `vmw du cursor plane cleanup fb` function until a patch is available. However, this is not a recommended long-term solution and may have unintended consequences. The best course of action is to update the kernel to ensure the vulnerability is fully addressed.