This flaw was assigned an id CVE-2017-7346 by MITRE:
http://seclists.org/oss-sec/2017/q1/696
Best regards, Vladis Dronov | Red Hat, Inc. | Product Security Engineer
----- Original Message ----- From: "Vladis Dronov" vdronov@redhat.com To: "VMware Graphics" linux-graphics-maintainer@vmware.com, "Sinclair Yeh" syeh@vmware.com, "Thomas Hellstrom" thellstrom@vmware.com, "David Airlie" airlied@linux.ie, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org Cc: "Vladis Dronov" vdronov@redhat.com Sent: Thursday, March 30, 2017 12:27:12 PM Subject: [PATCH] kernel: drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl()
The 'req->mip_levels' parameter in vmw_gb_surface_define_ioctl() is a user-controlled 'uint32_t' value which is used as a loop count limit. This can lead to a kernel lockup and DoS. Add check for 'req->mip_levels'.
References: https://bugzilla.redhat.com/show_bug.cgi?id=1437431 Signed-off-by: Vladis Dronov vdronov@redhat.com