Upstream information

CVE-2017-7346 at MITRE

Description

The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device.

SUSE information

CVSS v2 Scores

| | National Vulnerability Database | SUSE |
|---|---|---|
| Base Score | 4.94 | 4.35 |
| Vector | AV:L/AC:L/Au:N/C:N/I:N/A:C | AV:L/AC:M/Au:S/C:N/I:N/A:C |
| Access Vector | Local | Local |
| Access Complexity | Low | Medium |
| Authentication | None | Single |
| Confidentiality Impact | None | None |
| Integrity Impact | None | None |
| Availability Impact | Complete | Complete |

CVSS v3 Scores

| | National Vulnerability Database |
|---|---|
| Base Score | 5.5 |
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Access Vector | Local |
| Access Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | High |

This issue is currently rated as having moderate severity.

SUSE Bugzilla entry: 1031796 [CONFIRMED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE Leap 42.2
  • kernel-debug >= 4.4.72-18.12.2
  • kernel-debug-base >= 4.4.72-18.12.2
  • kernel-debug-base-debuginfo >= 4.4.72-18.12.2
  • kernel-debug-debuginfo >= 4.4.72-18.12.2
  • kernel-debug-debugsource >= 4.4.72-18.12.2
  • kernel-debug-devel >= 4.4.72-18.12.2
  • kernel-debug-devel-debuginfo >= 4.4.72-18.12.2
  • kernel-default >= 4.4.72-18.12.2
  • kernel-default-base >= 4.4.72-18.12.2
  • kernel-default-base-debuginfo >= 4.4.72-18.12.2
  • kernel-default-debuginfo >= 4.4.72-18.12.2
  • kernel-default-debugsource >= 4.4.72-18.12.2
  • kernel-default-devel >= 4.4.72-18.12.2
  • kernel-devel >= 4.4.72-18.12.1
  • kernel-docs >= 4.4.72-18.12.3
  • kernel-docs-html >= 4.4.72-18.12.3
  • kernel-docs-pdf >= 4.4.72-18.12.3
  • kernel-macros >= 4.4.72-18.12.1
  • kernel-obs-build >= 4.4.72-18.12.2
  • kernel-obs-build-debugsource >= 4.4.72-18.12.2
  • kernel-obs-qa >= 4.4.72-18.12.1
  • kernel-source >= 4.4.72-18.12.1
  • kernel-source-vanilla >= 4.4.72-18.12.1
  • kernel-syms >= 4.4.72-18.12.1
  • kernel-vanilla >= 4.4.72-18.12.2
  • kernel-vanilla-base >= 4.4.72-18.12.2
  • kernel-vanilla-base-debuginfo >= 4.4.72-18.12.2
  • kernel-vanilla-debuginfo >= 4.4.72-18.12.2
  • kernel-vanilla-debugsource >= 4.4.72-18.12.2
  • kernel-vanilla-devel >= 4.4.72-18.12.2
Patchnames:
openSUSE-2017-716


List of planned updates

The following information is the current evaluation information for this security issue. It might be neither accurate nor complete. Use at your own risk.
Product(s) Source package
  • SUSE Linux Enterprise Desktop 12 SP2
  • SUSE Linux Enterprise Server 12 SP2
  • SUSE Linux Enterprise Server for SAP 12 SP2
kernel-source