Bug 1796643 (CVE-2020-8003)

Summary:	CVE-2020-8003 virglrenderer: Double-free vulnerability in vrend_renderer.c
Product:	[Other] Security Response	Reporter:	Pedro Sampaio <psampaio>
Component:	vulnerability	Assignee:	Nobody <nobody>
Status:	CLOSED WONTFIX	QA Contact:
Severity:	low	Docs Contact:
Priority:	low
Version:	unspecified	CC:	airlied, marcandre.lureau, mbenatto
Target Milestone:	---	Keywords:	Security
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:	virglrenderer-0.8.2	Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2024-10-31 15:12:47 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:	1796644, 1796645, 1808541
Bug Blocks:	1796649

Description Pedro Sampaio 2020-01-30 20:21:04 UTC

A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a free.

References:

https://gitlab.freedesktop.org/virgl/virglrenderer/commit/f9b079ccc319c98499111f66bd654fc9b56cf15f?merge_request_iid=340
https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340
https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=3320973c9f2068f60cf6613c2811a8824781878a
https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=f9b079ccc319c98499111f66bd654fc9b56cf15f

Comment 1 Pedro Sampaio 2020-01-30 20:21:55 UTC

Created virglrenderer tracking bugs for this issue:

Affects: epel-8 [bug 1796645]
Affects: fedora-all [bug 1796644]

Comment 4 Sandro Bonazzola 2024-08-06 10:07:54 UTC

looks like all tracking bugs have been closed. Can this bug be closed as well?