PT-2017-2269 · Linux+5 · Linux Kernel+5

Li Qiang

·

Publicado

2017-03-27

·

Atualizado

2023-02-10

·

CVE-2017-7294

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.10.6
Description The issue is caused by an integer overflow in the vmw surface define ioctl function. This can be exploited by a local attacker to cause a denial of service, such as a system hang or crash, or possibly gain privileges, by making a crafted ioctl call for a /dev/dri/renderD* device. The exploitation allows for out-of-bounds write, which can lead to system instability or privilege escalation.
Recommendations For Linux kernel versions prior to 4.10.6, update to version 4.10.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the /dev/dri/renderD* device to minimize the risk of exploitation.

Correção

DoS

Memory Corruption

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787CWE-190

Identificadores relacionados

ALT-PU-2017-1468
ALT-PU-2017-1469
BDU:2017-01466
CESA-2018_1062
CVE-2017-7294
DLA-922-1
OPENSUSE-SU-2017_1140-1
OPENSUSE-SU-2017_1215-1
RHSA-2018:0676
RHSA-2018:1062
RHSA-2018_0676
RHSA-2018_1062
SUSE-SU-2017:1059-1
SUSE-SU-2017:1060-1
SUSE-SU-2017:1064-1
SUSE-SU-2017:1183-1
SUSE-SU-2017:1247-1
SUSE-SU-2017:1277-1
SUSE-SU-2017:1279-1
SUSE-SU-2017:1280-1
SUSE-SU-2017:1283-1
SUSE-SU-2017:1284-1
SUSE-SU-2017:1288-1
SUSE-SU-2017:1289-1
SUSE-SU-2017:1290-1
SUSE-SU-2017:1293-1
SUSE-SU-2017:1294-1
SUSE-SU-2017:1295-1
SUSE-SU-2017:1297-1
SUSE-SU-2017:1301-1
SUSE-SU-2017:1303-1
SUSE-SU-2017:1308-1
SUSE-SU-2017:1360-1
SUSE-SU-2017:1990-1
SUSE-SU-2017:2342-1
SUSE-SU-2017:2525-1
USN-3291-1
USN-3291-2
USN-3291-3
USN-3293-1
USN-3342-1
USN-3342-2
USN-3343-1
USN-3343-2

Produtos afetados

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu