CVE-2017-7346 : The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx

The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device.

Published 2017-03-30 23:59:00

Updated 2017-11-04 01:29:50

Source MITRE

View at NVD, CVE.org

Vulnerability category: Input validationDenial of service

Products affected by CVE-2017-7346

Linux » Linux Kernel
Versions up to, including, (<=) 4.10.7
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-7346

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 16 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-7346

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C	3.9	6.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2017-7346

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-7346

http://www.debian.org/security/2017/dsa-3927

Debian -- Security Information -- DSA-3927-1 linux

CVEs referencing this url
http://www.debian.org/security/2017/dsa-3945

Debian -- Security Information -- DSA-3945-1 linux

CVEs referencing this url
https://lists.freedesktop.org/archives/dri-devel/2017-March/137429.html

[PATCH] kernel: drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl()
Patch;Third Party Advisory
http://www.securityfocus.com/bid/97257

Linux Kernel CVE-2017-7346 Local Denial of Service Vulnerability
Third Party Advisory;VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1437431

1437431 – (CVE-2017-7346) CVE-2017-7346 kernel: drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl()
Issue Tracking;Patch
http://marc.info/?l=linux-kernel&m=149086968410117&w=2

'[PATCH] kernel: drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl()' - MARC
Patch;Third Party Advisory

Jump to

Vulnerability Details : CVE-2017-7346

Products affected by CVE-2017-7346

Exploit prediction scoring system (EPSS) score for CVE-2017-7346

CVSS scores for CVE-2017-7346

CWE ids for CVE-2017-7346

References for CVE-2017-7346