oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request virglrenderer: null pointer dereference in vrend_clear

From: <cve-assign () mitre org>
Date: Wed, 8 Feb 2017 23:58:06 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Virgil 3d project, used by Quick Emulator(Qemu) to implement 3D GPU support
for the virtio GPU, is vulnerable to a null pointer dereference issue. It
could occur when a guest invokes a virgl 'VIRGL_CCMD_CLEAR' command.

A guest user/process could use this flaw to crash Qemu process resulting in
DoS.

https://cgit.freedesktop.org/virglrenderer/commit/?id=48f67f60967f963b698ec8df57ec6912a43d6282
https://bugzilla.redhat.com/show_bug.cgi?id=1420246


Use CVE-2017-5937.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYm/MpAAoJEHb/MwWLVhi2olMP/03Sgb3VBpQscAXgMLt+92R2
KUi+w+uiGtDsbV4s/P+QQmPyLdACf1hkuKeTxN8/LUGkKDuzQAjnYrsjnXl1blL9
F5Xgm0vAtTKJhBvaO56rcO8ZjqT/JxVktJ4aBI1MXtcmvY0ARbvA+7EZcMKZfkJQ
7+THPkMRCWDj+E6SCwGeYM2I4DHlfytQWA+qw3HOMFU8oRoKOCZXkusA+jiuwZ6J
vXcGTbGEwmiFu9+TLx0okr2L+PpA2m2OwlzbfR8wzfRK9em5GQmKMhCf7hSDcm94
PlaYVm5XYwLTisZg+D5RUUW7CVHbg/BPyLagPdDZ/ZIe2YshJoC2Y2LAvU7XLgG4
MhjleujVv8qbKhcG1B6v5nhkOlUrbEPlshsh5Vp8bJAIfG9JBz3R9DvG5kMhGhZm
FFQY6rWDnCAJ5EAd0GjUqN31smIZvVVSgXhikNtQFFT9MBfDxdtzPzbiIQXM/5kJ
C2vjAlUhA/9qrrdQhICH0Lt5WzXU9NuNI+/0dAZRcGN8APF4jHfPCki2Dao+i9M/
n5dyZnocqak9JPS++ACBAxm3h4cvFaKzQMO+somiSpJttqd9li/6HfvZPXHGmUse
p56y/ooUsUaM6kub22o+kGkVM8qGc/ZEHIcVDNhk87BFxxgFxQ6snJPMgHxHe62G
5WnbJ/gEBRGS5w9LAKQR
=aRRv
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: