Mailinglist Archive: opensuse-bugs (4284 mails)

< Previous Next >
[Bug 1039886] New: VUL-0: CVE-2017-9060: qemu: virtio-gpu: host memory leakage in Virtio GPU device
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Fri, 19 May 2017 10:45:53 +0000
  • Message-id: <bug-1039886-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1039886


Bug ID: 1039886
Summary: VUL-0: CVE-2017-9060: qemu: virtio-gpu: host memory
leakage in Virtio GPU device
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@xxxxxxx
Reporter: mikhail.kasimov@xxxxxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

Ref: http://seclists.org/oss-sec/2017/q2/298
=============================================
Hello,

Quick Emulator(Qemu) built with the Virtio GPU Device emulator support is
vulnerable to a memory leakage issue. It could occur while processing
'VIRTIO_GPU_CMD_SET_SCANOUT:' command.


A guest user/process could use this flaw to leak host memory resulting in Dos.

Upstream patch:
---------------
->
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=dd248ed7e204ee8a1873914e02b8b526e8f1b80d

Reference:
----------
-> https://bugzilla.redhat.com/show_bug.cgi?id=1452597

This issue was reported by Li Qiang of Qihoo 360 Gear Team.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
=============================================

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >
Follow Ups