Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 8 Feb 2017 23:58:06 -0500
From: <cve-assign@...re.org>
To: <ppandit@...hat.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>,
	<liq3ea@...il.com>
Subject: Re: CVE request virglrenderer: null pointer dereference in vrend_clear

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Virgil 3d project, used by Quick Emulator(Qemu) to implement 3D GPU support
> for the virtio GPU, is vulnerable to a null pointer dereference issue. It
> could occur when a guest invokes a virgl 'VIRGL_CCMD_CLEAR' command.
> 
> A guest user/process could use this flaw to crash Qemu process resulting in
> DoS.
> 
> https://cgit.freedesktop.org/virglrenderer/commit/?id=48f67f60967f963b698ec8df57ec6912a43d6282
> https://bugzilla.redhat.com/show_bug.cgi?id=1420246

Use CVE-2017-5937.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYm/MpAAoJEHb/MwWLVhi2olMP/03Sgb3VBpQscAXgMLt+92R2
KUi+w+uiGtDsbV4s/P+QQmPyLdACf1hkuKeTxN8/LUGkKDuzQAjnYrsjnXl1blL9
F5Xgm0vAtTKJhBvaO56rcO8ZjqT/JxVktJ4aBI1MXtcmvY0ARbvA+7EZcMKZfkJQ
7+THPkMRCWDj+E6SCwGeYM2I4DHlfytQWA+qw3HOMFU8oRoKOCZXkusA+jiuwZ6J
vXcGTbGEwmiFu9+TLx0okr2L+PpA2m2OwlzbfR8wzfRK9em5GQmKMhCf7hSDcm94
PlaYVm5XYwLTisZg+D5RUUW7CVHbg/BPyLagPdDZ/ZIe2YshJoC2Y2LAvU7XLgG4
MhjleujVv8qbKhcG1B6v5nhkOlUrbEPlshsh5Vp8bJAIfG9JBz3R9DvG5kMhGhZm
FFQY6rWDnCAJ5EAd0GjUqN31smIZvVVSgXhikNtQFFT9MBfDxdtzPzbiIQXM/5kJ
C2vjAlUhA/9qrrdQhICH0Lt5WzXU9NuNI+/0dAZRcGN8APF4jHfPCki2Dao+i9M/
n5dyZnocqak9JPS++ACBAxm3h4cvFaKzQMO+somiSpJttqd9li/6HfvZPXHGmUse
p56y/ooUsUaM6kub22o+kGkVM8qGc/ZEHIcVDNhk87BFxxgFxQ6snJPMgHxHe62G
5WnbJ/gEBRGS5w9LAKQR
=aRRv
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ