oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request Qemu: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref

From: <cve-assign () mitre org>
Date: Thu, 2 Feb 2017 01:15:48 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Quick Emulator(Qemu) built with the Virtio GPU Device emulator support is
vulnerable to a host memory leakage issue. It could occur while processing
'VIRTIO_GPU_CMD_RESOURCE_UNREF' command.

A guest user/process could use this flaw to leak host memory resulting in DoS.

https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg04615.html
https://bugzilla.redhat.com/show_bug.cgi?id=1418382


Use CVE-2017-5857.

This is not yet available at
http://git.qemu.org/?p=qemu.git;a=history;f=hw/display/virtio-gpu-3d.c but
that may be an expected place for a later update.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYksc/AAoJEHb/MwWLVhi2dlwP/jHC0lg6fIrzdhSon1pxLzFJ
yRd3QxpiGOTt+zwK8T4L899ToWxQZDHLwV2QWz1+UGBf5IC1PaEtj03h5tlAWJte
TUoAPT03STXKle3HDxqGuqohUqTeZ27EnEY78z5YIS8ok9txh2Mjy/Mg9GIR9st6
ef1DHl7CwWObMurL//kPInWEFfYQ9/zMpq2KG/xtbBAmmKQlcmTTG+gnTbMy5lZ4
mRWC4PPcUMlHt/wU1QQohIYvRcNKDj2bppvXeOX54TqY2m4hnMspPERIrpfvzX0N
SAUORuztcL7zg5fXtv9d2RFdr1RGD9EVR8kTqv+lcpMWLl1Xgok6P+TNhIXRFiQw
rHY/KEGBgplk0cDPpiT+pLrtntQgUp4nE5Dr18EjVEiju77/js6N19+IzwD/WWV3
i0uN8YMZFrwRuKSUjH27mU1WvmP4vOtwlb+xDVbIdKp7llHxYL9wAViTn+AE6SvM
0Lxi5gwIrnCox7ozz0wBSj8z2CPv9d0UY0ts+dSSljqbGG02eE3QYGAodUifJzv1
EY6lUAfgimzRGTKM32Pt3xkRccEjslaKj1tJopPJd2Ptfgv9CXZ03w2O86/niJY7
dExg6W4ZBYrPMAiAx2mm+V0sHGOAyaEQmKjhYMbHAPe+KizsBJ4LcA1JxXTojULe
KzkJsxObG7XYsmYA/0Vi
=kzd3
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: