This flaw was assigned an id CVE-2017-7346 by MITRE: http://seclists.org/oss-sec/2017/q1/696 Best regards, Vladis Dronov | Red Hat, Inc. | Product Security Engineer ----- Original Message ----- From: "Vladis Dronov" <vdronov@xxxxxxxxxx> To: "VMware Graphics" <linux-graphics-maintainer@xxxxxxxxxx>, "Sinclair Yeh" <syeh@xxxxxxxxxx>, "Thomas Hellstrom" <thellstrom@xxxxxxxxxx>, "David Airlie" <airlied@xxxxxxxx>, dri-devel@xxxxxxxxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx Cc: "Vladis Dronov" <vdronov@xxxxxxxxxx> Sent: Thursday, March 30, 2017 12:27:12 PM Subject: [PATCH] kernel: drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl() The 'req->mip_levels' parameter in vmw_gb_surface_define_ioctl() is a user-controlled 'uint32_t' value which is used as a loop count limit. This can lead to a kernel lockup and DoS. Add check for 'req->mip_levels'. References: https://bugzilla.redhat.com/show_bug.cgi?id=1437431 Signed-off-by: Vladis Dronov <vdronov@xxxxxxxxxx> _______________________________________________ dri-devel mailing list dri-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/dri-devel
