This flaw was assigned an id CVE-2017-7346 by MITRE: http://seclists.org/oss-sec/2017/q1/696
Best regards, Vladis Dronov | Red Hat, Inc. | Product Security Engineer ----- Original Message ----- From: "Vladis Dronov" <[email protected]> To: "VMware Graphics" <[email protected]>, "Sinclair Yeh" <[email protected]>, "Thomas Hellstrom" <[email protected]>, "David Airlie" <[email protected]>, [email protected], [email protected] Cc: "Vladis Dronov" <[email protected]> Sent: Thursday, March 30, 2017 12:27:12 PM Subject: [PATCH] kernel: drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl() The 'req->mip_levels' parameter in vmw_gb_surface_define_ioctl() is a user-controlled 'uint32_t' value which is used as a loop count limit. This can lead to a kernel lockup and DoS. Add check for 'req->mip_levels'. References: https://bugzilla.redhat.com/show_bug.cgi?id=1437431 Signed-off-by: Vladis Dronov <[email protected]>
