oss-sec mailing list archives
Re: CVE request Qemu virtio-gpu: memory leak in virtio_gpu_resource_create_2d
From: cve-assign () mitre org
Date: Sat, 8 Oct 2016 11:29:44 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Quick Emulator(Qemu) built with the Virtio GPU Device support is vulnerable to a memory leakage issue. It could occur while processing virtio GPU command VIRTIO_GPU_CMD_RESOURCE_CREATE_2D. A privileged user/process inside guest could use this flaw to exhaust host memory resulting in DoS. https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg04129.html
Use CVE-2016-7994. This is not yet available at http://git.qemu.org/?p=qemu.git;a=history;f=hw/display/virtio-gpu.c but that may be an expected place for a later update. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJX+RAeAAoJEHb/MwWLVhi2gn8P/2WXoxRXiXfBxIc5Yt2YZjoZ +zqKhswXFESnQY3JC+qlkFVvg2sSoakc4gxkGHEx/2TOCVay4jQpw8hOU7njwEcA kLgOLYeSjQ0OhsSQ/sC3PPTe81GFVbYx7oWr9DcL/gcwj+/Yu1FIuIzt/PbsAiUz 3l9j+TbNt98rhFgzmtFHzBRBhBgxQQZSFyFjpPTk4C9OJoiwygEifKAsdxOrA/WS ZQciImoinC5tAFbAJws8CcXy2vO6evxeEynULX0KeoMneh5opMAZmnZmaTpccTb2 niLYlsPJivoDW1RxcXC2Bag29258PKq5A3j7Oo9GVvbGpa5EqAIVQOQGSuwg/Y+G PAQ0KxWwdPDlY3Kl6kz0Pz7qGUzQrtNdGzy5IKdCB+INfh4zmDTiGwyNFprIH/dN nSGbun+Xqi36K53a0quCxRzbudYGpiLzspWZmFml+Gn8Nx5O/6nCJCfQg0vRGBhD FE80+vo06KR5RGqDUgyBvvqloRtc/S+RoWEuLeXJoRG53MgD6yFKY6hqYIvNePLX yduwq534m0nR077H7r16z/oQJlcRid+nRjtHLATvUj2FSJ60OeP4YyorMGg04MLn clotlx8GYkbBVBgNGuqxg6mKvb2Aks2wKRYU81R4gE9v/8BfIEErsQn4617iNu5T VgECwvU7fbVvd5W1mQ3a =9OnQ -----END PGP SIGNATURE-----
Current thread:
- CVE request Qemu virtio-gpu: memory leak in virtio_gpu_resource_create_2d P J P (Oct 07)
- Re: CVE request Qemu virtio-gpu: memory leak in virtio_gpu_resource_create_2d cve-assign (Oct 08)