oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request Qemu: display: virtio-gpu: out of bounds read in virtio_gpu_set_scanout

From: <cve-assign () mitre org>
Date: Thu, 22 Dec 2016 18:59:21 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Quick Emulator(Qemu) built with the Virtio GPU Device emulator support is
vulnerable to an OOB read issue. It could occur while processing
'VIRTIO_GPU_CMD_SET_SCANOUT:' command.

A guest user/process could use this flaw to crash the Qemu process instance
resulting in Dos.

http://git.qemu.org/?p=qemu.git;a=commit;h=acfc4846508a02cc4c83aa27799fd7
http://git.qemu.org/?p=qemu.git;a=commit;h=2fe760554eb3769d70f608a158474f



The scanout id should not be above the configured num_scanouts.


Use CVE-2016-10029.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYXGfnAAoJEHb/MwWLVhi2XawP/jE9QxYK30gG1aMK8peEuX3a
b59gBHobECBcTLX2A8NUXN7/C5fIUhOUwiAj00sHEZjyZkJA8NONIfC3ussRlrkU
GfFnFnYT6h5mprlh9EGaiXjENCGxWFYTZ1PeAieGpJV4VPWDzGr49L7p8lleLKS5
arhNsgBXnJO/H6Wlk2JGlZRQAR6B+0rmhrpvQzZz0ry711f3sdkJ0bPIqPr3SrMS
SBlARTOYKueTenW3z/o3U1YxKUx/y9/pkXbaEcRueGuUfCDQ7VEone4VzuqQG7Wo
AJvkLoPX81TMShec4A9AKjMOohtDlDpnMB5afCHL8940u05BVLBk9n8Nw7hZbXZ+
oETpGdXAVtXnJodBwfvY/tWQ5mJIkcCXNJefGEw1a0xM1JmGbYnfXCrqNEBJKboJ
UAmL1wx6k4XZ698/akQupRkIIsSsEi3pwuK+3RBnHtbmkRiKVyiA0oRWyLFvas7u
1Ij+iYb8xPGFdgAF/CuGvhkqsNWuZJIK0J8Qgxq7Tobt/EPdU86yt3cY4BjRBLr4
VVOt9hjJKoUiIyszmeuwEK10G9UxqSu9RqK6siAOj+hEJCoMeqWx9Cdi2QgUaRwX
saqhI5Y0pvcxccU/BN6spVWzRMpCp49D8t610pCEfLQE18mp+BqRAsPAN39j9RXZ
V9XNIsxkhbOaBh0BwUqV
=8Vzd
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: