CVE-2017-7261

🗓️ 24 Mar 2017 21:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov👁 131 Views🌐 WEB

The vmw_surface_define_ioctl function in Linux kernel through 4.10.5 allows local users to cause a denial of service via crafted ioctl call

Reporter	Title	Published	Views	Family All 167
Cloud Foundry	USN-3291-3: Linux kernel (Xenial HWE) vulnerabilities \| Cloud Foundry	2 Jun 201700:00	–	cloudfoundry
CNVD	Linux kernel security bypass vulnerability (CNVD-2017-05575)	30 Mar 201700:00	–	cnvd
Cvelist	CVE-2017-7261	24 Mar 201721:00	–	cvelist
Debian	[SECURITY] [DLA 922-1] linux security update	28 Apr 201712:39	–	debian
Debian CVE	CVE-2017-7261	24 Mar 201721:00	–	debiancve
Tenable Nessus	Debian DLA-922-1 : linux security update	1 May 201700:00	–	nessus
Tenable Nessus	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1472)	13 May 201900:00	–	nessus
Tenable Nessus	EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1502)	13 May 201900:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2274)	8 Nov 201900:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353)	10 Dec 201900:00	–	nessus

NVD

Node

Source	Link
securityfocus	www.securityfocus.com/bid/97096
marc	www.marc.info/
lists	www.lists.freedesktop.org/archives/dri-devel/2017-March/136814.html
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

Parameter	Position	Path	Description	CWE
levels data	path	/dev/dri/renderD*	ZERO_SIZE_PTR dereference via unchecked zero value in levels data in vmw_surface_define_ioctl between vmwgfx driver and /dev/dri/renderD* device	CWE-20
ioctl payload	path	/dev/dri/renderD*	ZERO_SIZE_PTR dereference via unchecked zero value in levels data in vmw_surface_define_ioctl between vmwgfx driver and /dev/dri/renderD* device	CWE-20

13 May 2026 00:24Current

5.6Medium risk

Vulners AI Score5.6

CVSS 24.9

CVSS 35.5

EPSS0.00063