Mailinglist Archive: opensuse-bugs (4248 mails)

< Previous Next >
[Bug 1021195] New: VUL-0: kvm: qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Fri, 20 Jan 2017 18:51:59 +0000
  • Message-id: <bug-1021195-21960@http.bugzilla.suse.com/>
http://bugzilla.suse.com/show_bug.cgi?id=1021195


Bug ID: 1021195
Summary: VUL-0: kvm: qemu: display: virtio-gpu-3d: memory
leakage in virgl_resource_attach_backing
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: KVM
Assignee: kvm-bugs@xxxxxxxxxxxxxxxxxxxxxx
Reporter: mikhail.kasimov@xxxxxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

Ref: http://seclists.org/oss-sec/2017/q1/158
==============================================
Hello,

Quick Emulator(Qemu) built with the Virtio GPU Device emulator support is
vulnerable to a memory leakage issue. It could occur while processing
'VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING' command.


A guest user/process could use this flaw to leak host memory resulting in DoS.

Upstream patch:
---------------
-> https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg00154.html

Reference:
----------
-> https://bugzilla.redhat.com/show_bug.cgi?id=1415281

This issue was reported by Mr Li Qiang of 360.cn Inc.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
==============================================

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >