Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 22 Dec 2016 18:57:06 -0500
From: <cve-assign@...re.org>
To: <ppandit@...hat.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>,
	<zhenhaohong@...il.com>
Subject: Re: CVE request Qemu: display: virtio-gpu-3d: OOB access while reading virgl capabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Quick Emulator(Qemu) built with the Virtio GPU Device emulator support is
> vulnerable to an out of bounds memory access issue. It could occur while
> processing 'VIRTIO_GPU_CMD_GET_CAPSET' command.
> 
> A guest user/process could use this flaw to crash the Qemu process instance on
> a host, resulting in DoS.
> 
> https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html

>> retrieves the maximum capabilities size to fill in the
>> response object. It continues to fill in capabilities even if
>> retrieved 'max_size' is zero(0), thus resulting in OOB access.
>> Add check to avoid it.

Use CVE-2016-10028.

This is not yet available at
http://git.qemu.org/?p=qemu.git;a=history;f=hw/display/virtio-gpu-3d.c but
that may be an expected place for a later update.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYXGfhAAoJEHb/MwWLVhi2GN4P/0mDg9MtY/9ZEuTj9P0t97Cz
By4R/z4PK8qeFBGVYo5ftRVNRKit77pkB1rCLNkeaL891RjNya3LcFqb8JBLm6g3
OP6LXA2GhkNdMNEFTAPg2pmnLqFdauHiRtIm/V9bfbCRbdZ+7Ys2rAcRhfc8N85H
P+V1dHQIvx7VQXwo4pfRdMWXaJZJvbq6Dvvn4wFgcw32HJ39irsiWLa1x3quNmhL
t5jBL3zp6lfTOO7fqUGLUOk9Rs/g2N5XrUTZ0Rc7Cw+1xjy/luWObIGF5fmnkW6M
LbBlVoZmnZBJanoSdPTiwy5fURq1T1IjDC3n1ZRB+poVRsIOvCoFYJAozYHwOYeg
g/kQwY+DYAUh3QE0SHRZJmO/TILS8ghtqrldZtS4WP87d+CMWi6PzMBumScIH9S3
zPZSs0KLuXhWnus4yrFcYHrc/sonqZSfCvejw/Un2XxFb6fjc8VkwEzWZcFlZ+y8
EpyDpSjflZcMsqzTK/ETogYtVcKGjjyg7b4tDRrP5Vjm98HmPSiCC+bLtqTcsF2p
5oBGCwQX2dSNMTKMltUPTNeIdotZkF/6ym6TKnAs9YGGQI0ioxFHuT/6FhF6GAYA
S2Y63sZbbTxDthsohCQBv/KPJFlHZyo1ih1dxRiVXGTqRjYWc+QZvz+mOJ0A07oT
2h/TVl7vPCyM3UTD9Tym
=GOF0
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ