Linux Kernel CVE-2017-7346 Local Denial of Service Vulnerability
by CIRT Team
Description: The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device.
Impact: A local attacker can exploit this issue to cause a denial-of-service condition. Linux Kernel 4.10.7 and prior versions are vulnerable.
Mitigation: Updates are available. Please check specific vendor advisory for more information.
Reference URL’s:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7346
- http://www.securityfocus.com/bid/97257/info
- https://bugzilla.redhat.com/show_bug.cgi?id=1437431
- https://www.kernel.org/
Recommended Posts
Cyber Threat Alert: Surge in Attacks via Compromised Third-Party Service Providers
08 Feb 2024 - Articles, English articles, Security Advisories & Alerts
Subscribe here
MEMBER OF:
