CVE-2017-9605

Priority
Low
Description
The vmw_gb_surface_define_ioctl function (accessible via
DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c
in the Linux kernel through 4.11.4 defines a backup_handle variable but
does not give it an initial value. If one attempts to create a GB surface,
with a previously allocated DMA buffer to be used as a backup buffer, the
backup_handle variable does not get written to and is then later returned
to user space, allowing local users to obtain sensitive information from
uninitialized kernel memory via a crafted ioctl call.
Ubuntu-Description
Murray McAllister discovered that the DRM driver for VMware Virtual GPUs in
the Linux kernel did not properly initialize memory. A local attacker could
use this to expose sensitive information (kernel memory).
References
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):released (3.13.0-125.174~precise1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.4.0-1004.9)
Ubuntu 17.04 (Zesty Zapus):DNE
Package
linux-vegetahd:not-affected
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):ignored (end-of-life)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Patches:
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1022.22)
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):not-affected (4.11.0-10.15)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):released (3.13.0-125.174)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-87.110)
Ubuntu 17.04 (Zesty Zapus):released (4.10.0-28.32)
Patches:
Introduced by a97e21923b421993258e8487f2a5700c1ba3897fFixed by 07678eca2cf9c9a18584e546c2b2a0d0c9a3150c
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):ignored (end-of-life)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (4.4.0-87.110~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):ignored (end-of-life)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.10.0-1004.4)
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.11.0-13.19~16.04.1)
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.11.0-1009.9)
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (was needed now end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):pending (4.4.0-1002.2)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1026.35)
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):not-affected (4.10.0-1011.14)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1065.73)
Ubuntu 17.04 (Zesty Zapus):released (4.10.0-1011.14)
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):not-affected (4.4.0-1067.72)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1067.72)
Ubuntu 17.04 (Zesty Zapus):released (4.4.0-1067.72)
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needed ESM criteria)
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 17.04 (Zesty Zapus):not-affected
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.10.0-28.32~16.04.2)
Ubuntu 17.04 (Zesty Zapus):DNE
Package
linux-krillin:not-affected
Package
Upstream:released (4.12~rc5)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Ubuntu 17.04 (Zesty Zapus):DNE
More Information

Updated: 2017-10-23 12:33:11 UTC (commit 13562)