oss-sec mailing list archives
Re: CVE request Qemu: display: virtio-gpu: memory leakage when destroying gpu resource
From: <cve-assign () mitre org>
Date: Thu, 8 Dec 2016 01:36:58 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Quick Emulator(Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in 'virtio_gpu_resource_destroy' A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host. https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05043.html
the 'iov' and 'addrs' field in resource is not freed
Use CVE-2016-9912. This is not yet available at http://git.qemu.org/?p=qemu.git;a=history;f=hw/display/virtio-gpu.c but that may be an expected place for a later update. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYSPwEAAoJEHb/MwWLVhi2PNkQAJ04jluxiwMJkFYyHnxywbvq uhCBuwqncHIs/MUMLdYrNB3NvUQm1W4DmF1iVOKpP/r4jhXbZ52cS89hEbCfFL/W rPsr5H1tVLyUmXEroMxoyT9RJRlNlMp4FXTYCmbsZStqW+KLsXc/IiiUqfPJfw00 qo2AHZc4xMpSqYKSUPwZYN4UG4uosve1mYcmII7CTg2nTFqeFeufq6A+N8/HKpFC dYp4fcGkM1B8V4W2FL95oWalMUmDjFGnVfXQrlSnJB1XcOEFqsebcUq7xFcE2psi FCYkoz098xv1TIYWCwIj3Oscl/AH8SDtrXokXbtYqxbeq0mKIkaTqtLsj4CiooxY KhuJs27nJZJZZve15r2CZ6g8poHMZH+WdSWrF4tZNlgDsOojLnrI8+vPqknfM91B 8AxAuEGPcGSFa9JHSP8EhJ7Jr1aahoL4OqJQSSesqk9PckKQREsLqS5cnMEQj+OE mHe4a2bPj900Okq5SXnnZt1t8T8WyIzgC2rgfDuMuCfoC38NF1dRjQ8TcK0oL6r6 sK52vKKO9Rmo/JLdVkjjgvu0UZZ5c21FfhJbKROkWYE9TmNc+Kuf2f5ypk1bHzA6 A3fB5mNz2nwV95JyQgr+TVyfT1Pf0mZfl1U/gRJE0M7t3m3DYQiYXeWJ9heRKgQj +G1h8Edu8sXg+DMskaTQ =vdtL -----END PGP SIGNATURE-----
Current thread:
- CVE request Qemu: display: virtio-gpu: memory leakage when destroying gpu resource P J P (Dec 06)
- Re: CVE request Qemu: display: virtio-gpu: memory leakage when destroying gpu resource cve-assign (Dec 07)