{"id":"CVE-2017-7294","details":"The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device.","modified":"2026-03-14T09:26:29.705776Z","published":"2017-03-29T02:59:00.147Z","related":["SUSE-SU-2017:1059-1","SUSE-SU-2017:1060-1","SUSE-SU-2017:1064-1","SUSE-SU-2017:1183-1","SUSE-SU-2017:1247-1","SUSE-SU-2017:1277-1","SUSE-SU-2017:1279-1","SUSE-SU-2017:1280-1","SUSE-SU-2017:1283-1","SUSE-SU-2017:1284-1","SUSE-SU-2017:1288-1","SUSE-SU-2017:1289-1","SUSE-SU-2017:1290-1","SUSE-SU-2017:1293-1","SUSE-SU-2017:1294-1","SUSE-SU-2017:1295-1","SUSE-SU-2017:1297-1","SUSE-SU-2017:1301-1","SUSE-SU-2017:1303-1","SUSE-SU-2017:1308-1","SUSE-SU-2017:1360-1","SUSE-SU-2017:1990-1","SUSE-SU-2017:2342-1","SUSE-SU-2017:2525-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/97177"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0676"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1062"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1436798"},{"type":"FIX","url":"https://lists.freedesktop.org/archives/dri-devel/2017-March/137094.html"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"3.2"},{"fixed":"3.2.89"}]},{"events":[{"introduced":"3.3"},{"fixed":"3.10.107"}]},{"events":[{"introduced":"3.11"},{"fixed":"3.12.74"}]},{"events":[{"introduced":"3.13"},{"fixed":"3.16.44"}]},{"events":[{"introduced":"3.17"},{"fixed":"3.18.50"}]},{"events":[{"introduced":"3.19"},{"fixed":"4.1.40"}]},{"events":[{"introduced":"4.2"},{"fixed":"4.4.61"}]},{"events":[{"introduced":"4.5"},{"fixed":"4.9.22"}]},{"events":[{"introduced":"4.10"},{"fixed":"4.10.10"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7294.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}