{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-07-04T00:00:00", "descriptions": [{"lang": "en", "value": "Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-3927", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3927"}, {"name": "99433", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99433"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://lkml.org/lkml/2017/4/6/668"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/385aee965b4e4c36551c362a334378d2985b722a"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=385aee965b4e4c36551c362a334378d2985b722a"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-10810", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-3927", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3927"}, {"name": "99433", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99433"}, {"name": "https://lkml.org/lkml/2017/4/6/668", "refsource": "CONFIRM", "url": "https://lkml.org/lkml/2017/4/6/668"}, {"name": "https://github.com/torvalds/linux/commit/385aee965b4e4c36551c362a334378d2985b722a", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/385aee965b4e4c36551c362a334378d2985b722a"}, {"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=385aee965b4e4c36551c362a334378d2985b722a", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=385aee965b4e4c36551c362a334378d2985b722a"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:50:12.121Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-3927", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3927"}, {"name": "99433", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/99433"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://lkml.org/lkml/2017/4/6/668"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/385aee965b4e4c36551c362a334378d2985b722a"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=385aee965b4e4c36551c362a334378d2985b722a"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-10810", "datePublished": "2017-07-04T20:00:00", "dateReserved": "2017-07-04T00:00:00", "dateUpdated": "2024-08-05T17:50:12.121Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F09881FD-5BBD-4E0F-88C0-C795EE420DC5", "versionEndExcluding": "4.4.77", "versionStartIncluding": "4.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "86853D2B-E143-47D3-9419-39AB1F0960D8", "versionEndExcluding": "4.9.37", "versionStartIncluding": "4.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE4EAA36-3647-4C48-8C52-857C95CAD243", "versionEndExcluding": "4.11.10", "versionStartIncluding": "4.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures."}, {"lang": "es", "value": "Una fuga de memoria en la funci\u00f3n virtio_gpu_object_create en drivers/gpu/drm/virtio/virtgpu_object.c en el kernel de Linux hasta la versi\u00f3n 4.11.8 permite que atacantes provoquen una denegaci\u00f3n de servicio (consumo de memoria) desencadenando fallos de inicializaci\u00f3n de objetos."}], "id": "CVE-2017-10810", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-04T20:29:00.197", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=385aee965b4e4c36551c362a334378d2985b722a"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2017/dsa-3927"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99433"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/385aee965b4e4c36551c362a334378d2985b722a"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://lkml.org/lkml/2017/4/6/668"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=385aee965b4e4c36551c362a334378d2985b722a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2017/dsa-3927"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99433"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/385aee965b4e4c36551c362a334378d2985b722a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://lkml.org/lkml/2017/4/6/668"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-772"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Li Qiang (Qihoo 360 Gear Team) for reporting this issue.", "bugzilla": {"description": "Kernel: virtio-gpu: memory leakage while creating gpu object", "id": "1468023", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468023"}, "csaw": false, "cvss": {"cvss_base_score": "2.9", "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "status": "draft"}, "cvss3": {"cvss3_base_score": "4.1", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-772", "details": ["Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures."], "name": "CVE-2017-10810", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2017-04-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-10810\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10810"], "statement": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the version of Linux kernel as shipped with\nRed Hat Enterprise Linux 7.\nThis has been rated as having Low security impact and is not currently\nplanned to be addressed in future updates. For additional information, refer\nto the Red Hat Enterprise Linux Life Cycle:\nhttps://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Low"}

{}