oss-sec mailing list archives
Re: CVE request Qemu: display: virtio-gpu: memory leakage while updating cursor
From: <cve-assign () mitre org>
Date: Mon, 5 Dec 2016 17:17:20 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Quick Emulator built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while updating the cursor data in update_cursor_data_virgl. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host. https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00029.html
if the 'width'/ 'height' is not equal to current cursor's width/height it will return without free the 'data' allocated previously
Use CVE-2016-9846. This is not yet available at http://git.qemu.org/?p=qemu.git;a=history;f=hw/display/virtio-gpu.c but that may be an expected place for a later update. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYReVlAAoJEHb/MwWLVhi26K4QAIEOb2gsY0jWd9UGFd7PT27w 03JwlZZKo8DxKTVE/YV2uVCNRG6kplIIZeAAJe64MytSFL2hnAzd3Mm7uamZUTKZ Q0GxRK6ruTrziVeHWgg+xAy4KWiD3KBoAbxVbgW7qmnXAw4ML3IKJ9R7SJFmGhzH MUMIMJlhvXy8ngYsRwtcgfpiahKTN4YeYxk0MxqNIDZmROsnbrMsuASpg8jLKcXh hyygf17M7Wd42Go3C/BDaVn91numOlgJxPVnPv6VhD7oXrM+1iNIbw29UMqVUH5I yMkLB6Dd2iM/hiQIirohtn7B4mX7OgiP2j5eiu38MRP6ZaVblTfFsb3M2XJkl3/v ukhw4zaPbnzB7ANBG8Q0aABCnnDAtJSR7hDd0emvu8WxgT6ub37iDY4oz0Xlxxqr QeE0QCC33I932WGdWBjAf77bZ7QficjL6HXevMFiiPQYAiXb4CV400N2lLLr2dJY SVYuFCtEvBk2yrc5kyPMmo0s8kMSfPj/0GwR03960iNlQD9dHYl7N5QMuv3AqnDF AlK+zO/bgGuKy9/tdNH/io03rx9PnxOn5NjX2/TYWEaOV3z9hhpfSfjPAn5vsHNR slC1L7YwPehS66LRc5uUqJNUtIeKqV0E5OWvR0pUDvXpLZim0trm9AbVStgSkA6u JsxYW7rXQSTapsyPSGTr =HX47 -----END PGP SIGNATURE-----
Current thread:
- CVE request Qemu: display: virtio-gpu: memory leakage while updating cursor P J P (Dec 05)
- Re: CVE request Qemu: display: virtio-gpu: memory leakage while updating cursor cve-assign (Dec 05)