Published: 24/03/2017 Updated: 29/03/2017

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 437

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel up to and including 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Several security issues were fixed in the kernel ...

Several security issues were fixed in the Linux kernel ...

Several security issues were fixed in the kernel ...

Several security issues were fixed in the Linux kernel ...

Several security issues were fixed in the kernel ...

Several security issues were fixed in the Linux kernel ...

CWE-20 https://lists.freedesktop.org/archives/dri-devel/2017-March/136814.html https://bugzilla.redhat.com/show_bug.cgi?id=1435719 http://marc.info/?t=149037004200005&r=1&w=2 http://www.securityfocus.com/bid/97096 https://nvd.nist.gov https://usn.ubuntu.com/3291-2/

CVE-2017-7261

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect