Quick Emulator(Qemu) built with the Virtio GPU Device emulator support is vulnerable to a host memory leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_RESOURCE_UNREF' command. A guest user/process could use this flaw to leak host memory resulting in DoS. Upstream patch: --------------- -> https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg04615.html Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/02/01/21
Acknowledgments: Name: Li Qiang (360.cn Inc.)
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1418383]