DescriptionThe Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)wheezy3.2.78-1vulnerable
wheezy (security)3.2.96-3vulnerable
jessie (security)3.16.51-3+deb8u1vulnerable
stretch (security), stretch4.9.82-1+deb9u3vulnerable
buster, sid4.15.4-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs


[stretch] - linux <ignored> (Minor issue, requires invasive changes)
[jessie] - linux <ignored> (Minor issue, requires invasive changes)
[wheezy] - linux <no-dsa> (Minor issue, requires invasive changes)

Search for package or bug name: Reporting problems