Linux kernel built with the VirtIO GPU driver(CONFIG_DRM_VIRTIO_GPU) support is vulnerable to a memory leakage issue. It could occur while creating a virtio gpu object in virtio_gpu_object_create(). A user/process could use this flaw to leak host kernel memory potentially resulting in DoS. Upstream patch: --------------- -> https://git.kernel.org/linus/385aee965b4e4c36551c362a334378d2985b722a Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/07/07/2
Acknowledgments: Name: Li Qiang (Qihoo 360 Gear Team)
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1468024]
Statement: This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. This issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 7. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
kernel-4.11.10-100.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
kernel-4.11.10-200.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.