Linux Kernel CVE-2017-7346 Local Denial of Service Vulnerability

by CIRT Team

Description: The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device.

Impact: A local attacker can exploit this issue to cause a denial-of-service condition. Linux Kernel 4.10.7 and prior versions are vulnerable.

Mitigation: Updates are available. Please check specific vendor advisory for more information.

Reference URL’s:

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7346
• http://www.securityfocus.com/bid/97257/info
• https://bugzilla.redhat.com/show_bug.cgi?id=1437431
• https://www.kernel.org/

CIRT Team

Recommended Posts

Active Exploitation of Critical F5 BIG – IP Vulnerability (CVE–2023-46747) Uncovered in Bangladesh

06 Nov 2024 - Security Advisories & Alerts

Emerging Threat_Stealer Malware (Lumma C2) Campaign with fake CAPTCHA pages

08 Oct 2024 - Security Advisories & Alerts

Detection of Fog Ransomware Footprint in Cyber Space of Bangladesh

12 Sep 2024 - Security Advisories & Alerts