CVE-2017-5577
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) via inconsistent size values in a VC4_SUBMIT_CL ioctl call.
La función vc4_get_bcl en drivers/gpc/drm/vc4/vc4_gem.c en el controlador VideoCore DRM en el kernel de Linux en versiones anteriores a 4.9.7 no establece un valor errno sobre ciertas detecciones de desbordamiento, lo que permite a usuarios locales provocar una denegación de servicio (referencia incorrecta al puntero y OOPS) a través de valores de tamaño inconsistentes en una llamada ioctl VC4_SUBMIT_CL.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-01-24 CVE Reserved
- 2017-02-06 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-388: 7PK - Errors
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/95765 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.7 | 2017-02-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 4.9.6 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.9.6" | - |
Affected
|