Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
Astra Linux SE 1.5
Astra Linux SE 1.6
Astra Linux SE 1.7
Astra Linux SE 1.8
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:com.altx-soft.nix:def:25116
[Rus]
Version
6
Class
patch
ALTXid
160029
Language
English
Severity
Medium
Title
SUSE-SU-2017:0798-1 -- Security update for virglrenderer
Description
This update for virglrenderer fixes the following issues.
Family
unix
Platform
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Server 12
Product
virglrenderer
Reference
VENDOR: SUSE-SU-2017:0798-1
VENDOR: SUSE-SU-2017:0798-1
Id:
SUSE-SU-2017:0798-1
Reference:
https://www.suse.com/support/update/announcement/2017/suse-su-20170798-1.html
CVE: CVE-2017-6386
CVE: CVE-2017-6386
Id:
CVE-2017-6386
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6386
Comment
: Memory leak in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRGL_OBJECT_VERTEX_ELEMENTS commands.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
772 (Missing Release of Resource after Effective Lifetime)
References:
https://cgit.freedesktop.org/virglrenderer/commit/?id=737c3350850ca4dbc5633b3bdb4118176ce59920 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=1427472 (CONFIRM)
96506 (BID)
[oss-security] 20170301 CVE-2017-6386 Virglrenderer: memory leakage while in vrend_create_vertex_elements_state (MLIST)
GLSA-201707-06 (GENTOO)
CVE: CVE-2017-6355
CVE: CVE-2017-6355
Id:
CVE-2017-6355
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6355
Comment
: Integer overflow in the vrend_create_shader function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (process crash) via crafted pkt_length and offlen values, which trigger an out-of-bounds access.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
190 (Integer Overflow or Wraparound)
References:
[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0 (MLIST)
https://cgit.freedesktop.org/virglrenderer/commit/?id=93761787b29f37fa627dea9082cdfc1a1ec608d6 (CONFIRM)
96460 (BID)
[oss-security] 20170227 CVE-2017-6355 Virglrenderer: integer overflow while creating shader object (MLIST)
GLSA-201707-06 (GENTOO)
CVE: CVE-2017-6317
CVE: CVE-2017-6317
Id:
CVE-2017-6317
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6317
Comment
: Memory leak in the add_shader_program function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via vectors involving the sprog variable.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
772 (Missing Release of Resource after Effective Lifetime)
References:
[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0 (MLIST)
https://cgit.freedesktop.org/virglrenderer/commit/?id=a2f12a1b0f95b13b6f8dc3d05d7b74b4386394e4 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=1426756 (CONFIRM)
96450 (BID)
[oss-security] 20170225 CVE-2017-6317 Virglrenderer: memory leakage issue in add_shader_program (MLIST)
GLSA-201707-06 (GENTOO)
CVE: CVE-2017-6210
CVE: CVE-2017-6210
Id:
CVE-2017-6210
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6210
Comment
: The vrend_decode_reset function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (NULL pointer dereference and QEMU process crash) by destroying context 0 (zero).
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0 (MLIST)
https://cgit.freedesktop.org/virglrenderer/commit/?id=0a5dff15912207b83018485f83e067474e818bab (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=1426170 (CONFIRM)
96439 (BID)
[oss-security] 20170224 CVE-2017-6210 Virglrenderer: null pointer dereference in vrend_decode_reset (MLIST)
GLSA-201707-06 (GENTOO)
CVE: CVE-2017-6209
CVE: CVE-2017-6209
Id:
CVE-2017-6209
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6209
Comment
: Stack-based buffer overflow in the parse_identifier function in tgsi_text.c in the TGSI auxiliary module in the Gallium driver in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to parsing properties.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0 (MLIST)
https://cgit.freedesktop.org/virglrenderer/commit/?id=e534b51ca3c3cd25f3990589932a9ed711c59b27 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=1426149 (CONFIRM)
96437 (BID)
[oss-security] 20170224 CVE-2017-6209 Virglrenderer: stack buffer oveflow in parse_identifier (MLIST)
GLSA-201707-06 (GENTOO)
CVE: CVE-2017-5994
CVE: CVE-2017-5994
Id:
CVE-2017-5994
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5994
Comment
: Heap-based buffer overflow in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and crash) via the num_elements parameter.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0 (MLIST)
https://cgit.freedesktop.org/virglrenderer/commit/?id=114688c526fe45f341d75ccd1d85473c3b08f7a7 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=1422452 (CONFIRM)
96276 (BID)
[oss-security] 20170215 CVE-2017-5994 Virglrenderer: out-of-bounds access in vrend_create_vertex_elements_state (MLIST)
GLSA-201707-06 (GENTOO)
CVE: CVE-2017-5993
CVE: CVE-2017-5993
Id:
CVE-2017-5993
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5993
Comment
: Memory leak in the vrend_renderer_init_blit_ctx function in vrend_blitter.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRGL_CCMD_BLIT commands.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
772 (Missing Release of Resource after Effective Lifetime)
References:
[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0 (MLIST)
https://cgit.freedesktop.org/virglrenderer/commit/?id=6eb13f7a2dcf391ec9e19b4c2a79e68305f63c22 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=1422438 (CONFIRM)
96275 (BID)
[oss-security] 20170215 CVE-2017-5993 Virglrenderer: host memory leakage when initialising blitter context (MLIST)
GLSA-201707-06 (GENTOO)
CVE: CVE-2017-5957
CVE: CVE-2017-5957
Id:
CVE-2017-5957
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5957
Comment
: Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows a local guest users to cause a denial of service (application crash) via the "nr_cbufs" argument.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://cgit.freedesktop.org/virglrenderer/commit/?id=926b9b3460a48f6454d8bbe9e44313d86a65447f (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=1421126 (CONFIRM)
96215 (BID)
[oss-security] 20170213 CVE-2017-5957 Virglrenderer: stack overflow in vrend_decode_set_framebuffer_state (MLIST)
GLSA-201707-06 (GENTOO)
CVE: CVE-2017-5956
CVE: CVE-2017-5956
Id:
CVE-2017-5956
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5956
Comment
: The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors involving vertext_buffer_index.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0 (MLIST)
https://cgit.freedesktop.org/virglrenderer/commit/?id=a5ac49940c40ae415eac0cf912eac7070b4ba95d (CONFIRM)
96187 (BID)
[oss-security] 20170213 CVE-2017-5956 virglrenderer: Virglrenderer: OOB access while in vrend_draw_vbo (MLIST)
GLSA-201707-06 (GENTOO)
CVE: CVE-2017-5937
CVE: CVE-2017-5937
Id:
CVE-2017-5937
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5937
Comment
: The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d project (aka virglrenderer) 0.6.0 and earlier allows local guest OS users to cause a denial of service (NULL pointer dereference) via a crafted VIRGL_CCMD_CLEAR command.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://cgit.freedesktop.org/virglrenderer/commit/?id=48f67f60967f963b698ec8df57ec6912a43d6282 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=1420246 (CONFIRM)
96180 (BID)
[oss-security] 20170208 Re: CVE request virglrenderer: null pointer dereference in vrend_clear (MLIST)
CVE: CVE-2017-5580
CVE: CVE-2017-5580
Id:
CVE-2017-5580
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5580
Comment
: The parse_instruction function in gallium/auxiliary/tgsi/tgsi_text.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and process crash) via a crafted texture instruction.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
7.1
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0 (MLIST)
https://cgit.freedesktop.org/virglrenderer/commit/src/gallium/auxiliary/tgsi/tgsi_text.c?id=28894a30a17a84529be102b21118e55d6c9f23fa (CONFIRM)
95782 (BID)
[oss-security] 20170125 Re: CVE request Virglrenderer: OOB access while parsing texture instruction (MLIST)
[oss-security] 20170124 CVE request Virglrenderer: OOB access while parsing texture instruction (MLIST)
GLSA-201707-06 (GENTOO)
CVE: CVE-2016-10214
CVE: CVE-2016-10214
Id:
CVE-2016-10214
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10214
Comment
: Memory leak in the virgl_resource_attach_backing function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
399 (Resource Management Errors)
References:
[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0 (MLIST)
https://cgit.freedesktop.org/virglrenderer/commit/?id=40b0e7813325b08077b6f541b3989edb2d86d837 (CONFIRM)
96181 (BID)
[oss-security] 20170208 Re: CVE request virglrenderer: host memory leak issue in virgl_resource_attach_backing (MLIST)
GLSA-201707-06 (GENTOO)
CVE: CVE-2016-10163
CVE: CVE-2016-10163
Id:
CVE-2016-10163
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10163
Comment
: Memory leak in the vrend_renderer_context_create_internal function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) by repeatedly creating a decode context.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
399 (Resource Management Errors)
References:
[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0 (MLIST)
https://cgit.freedesktop.org/virglrenderer/commit/?id=747a293ff6055203e529f083896b823e22523fe7 (CONFIRM)
95784 (BID)
[oss-security] 20170125 Re: CVE request Virglrenderer: host memory leakage when creating decode context (MLIST)
[oss-security] 20170124 CVE request Virglrenderer: host memory leakage when creating decode context (MLIST)
GLSA-201707-06 (GENTOO)
Content available only for registered users!
ovaldb@altx-soft.com