Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - Linux kernel: denial of service via the module drm/vmwgfx

May 2017 by Vigil@nce

This bulletin was written by Vigil@nce : https://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

A local attacker can use an ioctl system call to the video device
driver vmwgfx of the Linux kernel, in order to make the kernel
panic.

Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Linux,
openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.

Severity: 2/4.

Creation date: 27/03/2017.

DESCRIPTION OF THE VULNERABILITY

The Linux kernel includes a video driver vmwgfx for guests systems
running under VMware ESX.

This driver defines a device "/dev/dri/renderD128" which accepts
ioctl system calls. However, the routine vmw_surface_define_ioctl()
that implements ioctl calls does not rightly check its argument
"num_sizes". A null value leads to a bad memory allocation, then
to an invalid pointer dereference and a fatal exception. See also
VIGILANCE-VUL-22282 et VIGILANCE-VUL-22298.

A local attacker can therefore use an ioctl system call to the
video device driver vmwgfx of the Linux kernel, in order to make
the kernel panic.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

https://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-the-module-drm-vmwgfx-22260


See previous articles

    

See next articles












Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts