oss-sec mailing list archives
Re: CVE request Qemu: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref
From: <cve-assign () mitre org>
Date: Thu, 2 Feb 2017 01:15:48 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Quick Emulator(Qemu) built with the Virtio GPU Device emulator support is vulnerable to a host memory leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_RESOURCE_UNREF' command. A guest user/process could use this flaw to leak host memory resulting in DoS. https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg04615.html https://bugzilla.redhat.com/show_bug.cgi?id=1418382
Use CVE-2017-5857. This is not yet available at http://git.qemu.org/?p=qemu.git;a=history;f=hw/display/virtio-gpu-3d.c but that may be an expected place for a later update. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYksc/AAoJEHb/MwWLVhi2dlwP/jHC0lg6fIrzdhSon1pxLzFJ yRd3QxpiGOTt+zwK8T4L899ToWxQZDHLwV2QWz1+UGBf5IC1PaEtj03h5tlAWJte TUoAPT03STXKle3HDxqGuqohUqTeZ27EnEY78z5YIS8ok9txh2Mjy/Mg9GIR9st6 ef1DHl7CwWObMurL//kPInWEFfYQ9/zMpq2KG/xtbBAmmKQlcmTTG+gnTbMy5lZ4 mRWC4PPcUMlHt/wU1QQohIYvRcNKDj2bppvXeOX54TqY2m4hnMspPERIrpfvzX0N SAUORuztcL7zg5fXtv9d2RFdr1RGD9EVR8kTqv+lcpMWLl1Xgok6P+TNhIXRFiQw rHY/KEGBgplk0cDPpiT+pLrtntQgUp4nE5Dr18EjVEiju77/js6N19+IzwD/WWV3 i0uN8YMZFrwRuKSUjH27mU1WvmP4vOtwlb+xDVbIdKp7llHxYL9wAViTn+AE6SvM 0Lxi5gwIrnCox7ozz0wBSj8z2CPv9d0UY0ts+dSSljqbGG02eE3QYGAodUifJzv1 EY6lUAfgimzRGTKM32Pt3xkRccEjslaKj1tJopPJd2Ptfgv9CXZ03w2O86/niJY7 dExg6W4ZBYrPMAiAx2mm+V0sHGOAyaEQmKjhYMbHAPe+KizsBJ4LcA1JxXTojULe KzkJsxObG7XYsmYA/0Vi =kzd3 -----END PGP SIGNATURE-----
Current thread:
- CVE request Qemu: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref P J P (Feb 01)
- Re: CVE request Qemu: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref cve-assign (Feb 01)