CVE-2017-7294
kernel: drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl()
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device.
La función vmw_surface_define_ioctl en drivers/gpu/drm/vmwgfx/vmwgfx_surface.c en el kernel de Linux hasta la versión 4.10.6 no valida adicción de ciertos niveles de datos, lo que permite a usuarios locales activar un desbordamiento de entero y lectura de fuera de límites, y provocar una denegación de servicio (bloqueo del sistema o caída) o posiblemente ganar privilegios, a través de una llamada ioctl manipulada para un dispositivo /dev/dri/renderD*.
An out-of-bounds write vulnerability was found in the Linux kernel's vmw_surface_define_ioctl() function, in the 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' file. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-03-28 CVE Reserved
- 2017-03-29 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-190: Integer Overflow or Wraparound
- CWE-787: Out-of-bounds Write
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/97177 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1436798 | 2018-04-10 | |
https://lists.freedesktop.org/archives/dri-devel/2017-March/137094.html | 2023-02-10 |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2018:0676 | 2023-02-10 | |
https://access.redhat.com/errata/RHSA-2018:1062 | 2023-02-10 | |
https://access.redhat.com/security/cve/CVE-2017-7294 | 2018-04-10 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.2 < 3.2.89 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.2 < 3.2.89" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.3 < 3.10.107 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.10.107" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.11 < 3.12.74 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 3.12.74" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.13 < 3.16.44 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 3.16.44" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.17 < 3.18.50 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 3.18.50" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.19 < 4.1.40 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.1.40" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.2 < 4.4.61 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 4.4.61" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.9.22 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.22" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.10 < 4.10.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.10.10" | - |
Affected
|