{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-03-30T00:00:00", "descriptions": [{"lang": "en", "value": "The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-3927", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3927"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://lists.freedesktop.org/archives/dri-devel/2017-March/137429.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://marc.info/?l=linux-kernel&m=149086968410117&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1437431"}, {"name": "DSA-3945", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3945"}, {"name": "97257", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97257"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-7346", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-3927", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3927"}, {"name": "https://lists.freedesktop.org/archives/dri-devel/2017-March/137429.html", "refsource": "CONFIRM", "url": "https://lists.freedesktop.org/archives/dri-devel/2017-March/137429.html"}, {"name": "http://marc.info/?l=linux-kernel&m=149086968410117&w=2", "refsource": "CONFIRM", "url": "http://marc.info/?l=linux-kernel&m=149086968410117&w=2"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1437431", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1437431"}, {"name": "DSA-3945", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3945"}, {"name": "97257", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97257"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:56:36.470Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-3927", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3927"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://lists.freedesktop.org/archives/dri-devel/2017-March/137429.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://marc.info/?l=linux-kernel&m=149086968410117&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1437431"}, {"name": "DSA-3945", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3945"}, {"name": "97257", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/97257"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-7346", "datePublished": "2017-03-30T23:00:00", "dateReserved": "2017-03-30T00:00:00", "dateUpdated": "2024-08-05T15:56:36.470Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "809E65A8-1DC9-48C1-9DFB-14ADCF1DF50C", "versionEndIncluding": "4.10.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device."}, {"lang": "es", "value": "La funci\u00f3n vmw_gb_surface_define_ioctl en drivers/gpu/drm/vmwgfx/vmwgfx_surface.c en el kernel de Linux hasta la versi\u00f3n4.10.7 no valida ciertos niveles de datos, lo que permite a usuarios locales provocar una denegaci\u00f3n de servicio (colgar sistema) a trav\u00e9s de una llamada al archivo ioctl manipulado para un dispositivo /dev/dri/renderD*."}], "id": "CVE-2017-7346", "lastModified": "2017-11-04T01:29:50.430", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-30T23:59:00.163", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://marc.info/?l=linux-kernel&m=149086968410117&w=2"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-3927"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-3945"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97257"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1437431"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://lists.freedesktop.org/archives/dri-devel/2017-March/137429.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl()", "id": "1437431", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1437431"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-20", "details": ["The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device.", "In the Linux kernel's vmw_gb_surface_define_ioctl() function, in 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' file, a 'req->mip_levels' is a user-controlled value which is later used as a loop count limit. This allows local unprivileged user to cause a denial of service by a kernel lockup via a crafted ioctl call for a '/dev/dri/renderD*' device."], "name": "CVE-2017-7346", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Will not fix", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2017-03-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-7346\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7346"], "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code where the flaw was found is not present in this product.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Low"}