Virgil 3d project, used by Quick Emulator(Qemu) to implement 3D GPU support for the virtio GPU, is vulnerable to memory leakage issue. It could occur when a guest invokes a 'VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING' command. A guest user/process could use this flaw to leak host memory leading to DoS. Upstream patch: --------------- -> https://cgit.freedesktop.org/virglrenderer/commit/?id=40b0e7813325b08077b6f541b3989edb2d86d837 Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/02/08/6
Acknowledgments: Name: Li Qiang (360.cn Inc.)
Created virglrenderer tracking bugs for this issue: Affects: fedora-all [bug 1420268]
CVE assignment: http://seclists.org/oss-sec/2017/q1/349
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.