oss-sec mailing list archives
Re: CVE request Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing
From: <cve-assign () mitre org>
Date: Fri, 20 Jan 2017 22:26:54 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
[] Quick Emulator(Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING' command. A guest user/process could use this flaw to leak host memory resulting in DoS. https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg00154.html https://bugzilla.redhat.com/show_bug.cgi?id=1415281 http://git.qemu.org/?p=qemu.git;a=commit;h=33243031dad02d161225ba99d782616da133f689
Use CVE-2017-5552 for this (i.e., a memory consumption issue, not an information disclosure issue). - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYgtMQAAoJEHb/MwWLVhi2Z6IP/3+ft1EpX+/Dn7Ja15Ss8CvI JBMEN+BQmrDJhNbGEGIUGectfmW4lB2cIyz4BsCbCx8Pxq13vRB2UxIytncBDyEz GPtRRp1eC5iLBfJwWXYLftOYDkst7yqbXenLavjoPu2VtvWnD412W+63BhR/fRGe 105WM3tY1Tx7DcCi6Bnhv9cNDIazlgjFQ9YbKdjL99dkLwZo8EIlJD/rcHI82K1f ugotHzcZ3kw2f/W4lf4kNH1+bCGU3Te0osyNlSgXrAYzWAulnDWwW+F32Syzqnk0 jQ5d0yDBuFOlu1uzb5kpI1Vv1M69lwOYf9XPhCxZ6mDub0BCq1JvNC9CRNNE5Yub V4CEM6Grgy/OhQs8ZEbGL7H7Sq2gwTGEC5lWKpyxKSpPpitnfOV+aXSaHw494Sl9 LO5BmJvqImD8EjBfyLS+cJD3JLj0k1WIqbzlnGrNMg9kYURa0PJTnUSrNK3m/TpU KnqwodxLI/sX378ECCkPzz4ibMD5dgAIkyH1qJr/PS2f+LPjFhY9+40wGe5haUGa a0ibuJ2RNf7SfEDGRytkugwwk2mOs1DtNDhTDf/d3dPVwDywOYHu+WeT2zz6bZ51 0l+576HoGuNtBj8UjofYGtcNIJk2LSe5/oNEd9kR+lzsWM+2jRuqWJSAaZ1p+XOG SfnRN1+bCmCMywfG4gYb =Z6dJ -----END PGP SIGNATURE-----
Current thread:
- CVE request Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing P J P (Jan 20)
- Re: CVE request Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing cve-assign (Jan 20)