| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 31 Mar 2017 06:47:30 -0400 (EDT) From: Vladis Dronov <vdronov@...hat.com> To: dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] kernel: drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl() This flaw was assigned an id CVE-2017-7346 by MITRE: http://seclists.org/oss-sec/2017/q1/696 Best regards, Vladis Dronov | Red Hat, Inc. | Product Security Engineer ----- Original Message ----- From: "Vladis Dronov" <vdronov@...hat.com> To: "VMware Graphics" <linux-graphics-maintainer@...are.com>, "Sinclair Yeh" <syeh@...are.com>, "Thomas Hellstrom" <thellstrom@...are.com>, "David Airlie" <airlied@...ux.ie>, dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org Cc: "Vladis Dronov" <vdronov@...hat.com> Sent: Thursday, March 30, 2017 12:27:12 PM Subject: [PATCH] kernel: drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl() The 'req->mip_levels' parameter in vmw_gb_surface_define_ioctl() is a user-controlled 'uint32_t' value which is used as a loop count limit. This can lead to a kernel lockup and DoS. Add check for 'req->mip_levels'. References: https://bugzilla.redhat.com/show_bug.cgi?id=1437431 Signed-off-by: Vladis Dronov <vdronov@...hat.com>
Powered by blists - more mailing lists