CVE-2017-9605
Summary
| CVE | CVE-2017-9605 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2017-06-13 19:29:00 UTC |
|---|
| Updated | 2017-11-04 01:29:00 UTC |
|---|
| Description | The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DMA buffer to be used as a backup buffer, the backup_handle variable does not get written to and is then later returned to user space, allowing local users to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call. |
|---|
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|
| Operating System |
Linux |
Linux Kernel |
All |
All |
All |
All |
References
| Reference | Source | Link | Tags |
|---|
| kernel/git/torvalds/linux.git - Linux kernel source tree |
CONFIRM |
git.kernel.org |
Issue Tracking, Patch, Third Party Advisory |
| Debian -- Security Information -- DSA-3945-1 linux |
DEBIAN |
www.debian.org |
|
| Linux Kernel 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' Local Information Disclosure Vulnerability |
BID |
www.securityfocus.com |
Third Party Advisory, VDB Entry |
| drm/vmwgfx: Make sure backup_handle is always valid · torvalds/linux@07678ec · GitHub |
CONFIRM |
github.com |
Issue Tracking, Patch, Third Party Advisory |
| Debian -- Security Information -- DSA-3927-1 linux |
DEBIAN |
www.debian.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 390237 Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2020-0054)
