CVE-2017-10810

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=385aee965b4e4c36551c362a334378d2985b722a

http://www.debian.org/security/2017/dsa-3927

http://www.securityfocus.com/bid/99433

https://github.com/torvalds/linux/commit/385aee965b4e4c36551c362a334378d2985b722a

https://lkml.org/lkml/2017/4/6/668

Details

Source: MITRE

Published: 2017-07-04

Updated: 2019-10-03

Type: CWE-772

Risk Information

CVSS v2

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 4.11.8 (inclusive)

Tenable Plugins

View all (16 total)

IDNameProductFamilySeverity
124979EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1526)NessusHuawei Local Security Checks
high
124821EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1498)NessusHuawei Local Security Checks
high
106943SUSE SLED12 Security Update : drm (SUSE-SU-2018:0509-1)NessusSuSE Local Security Checks
high
104253SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2869-1) (KRACK)NessusSuSE Local Security Checks
high
102838SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2286-1)NessusSuSE Local Security Checks
high
102525Ubuntu 14.04 LTS : linux-lts-xenial regression (USN-3392-2) (Stack Clash)NessusUbuntu Local Security Checks
high
102524Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon regression (USN-3392-1) (Stack Clash)NessusUbuntu Local Security Checks
high
102333openSUSE Security Update : the Linux Kernel (openSUSE-2017-891)NessusSuSE Local Security Checks
high
102211Debian DSA-3927-1 : linux - security update (Stack Clash)NessusDebian Local Security Checks
high
102198Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3378-2) (Stack Clash)NessusUbuntu Local Security Checks
high
102197Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities (USN-3378-1) (Stack Clash)NessusUbuntu Local Security Checks
high
102196Ubuntu 16.04 LTS : linux-hwe vulnerabilities (USN-3377-2) (Stack Clash)NessusUbuntu Local Security Checks
high
102195Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3377-1) (Stack Clash)NessusUbuntu Local Security Checks
high
101865Fedora 24 : kernel (2017-5ce9d89b82)NessusFedora Local Security Checks
high
101782Fedora 25 : kernel (2017-f2f29441f9)NessusFedora Local Security Checks
high
101781Fedora 26 : kernel (2017-e8bdc4ede0)NessusFedora Local Security Checks
high