Bug 1765594 (CVE-2019-18392) - CVE-2019-18392 virglrenderer: double free in the vrend_renderer_transfer_write_iov function
Summary: CVE-2019-18392 virglrenderer: double free in the vrend_renderer_transfer_writ...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2019-18392
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1784715
Blocks: 1765598
TreeView+ depends on / blocked
 
Reported: 2019-10-25 14:15 UTC by Marian Rehak
Modified: 2020-08-26 17:22 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-12-18 08:09:24 UTC
Embargoed:

Attachments (Terms of Use)

Description Marian Rehak 2019-10-25 14:15:48 UTC 
A double free in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.

Upstream Issue:

https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#3cd772559e0d73afa136d6818023cfd0c4c8ecc0_0_359
Comment 1 Marian Rehak 2019-10-25 14:17:43 UTC 
Upstream Patch:

https://gitlab.freedesktop.org/virgl/virglrenderer/commit/164d7587adc437dcc1cc9bdf843640ae450a96ff
Comment 3 Prasad Pandit 2019-12-18 07:09:28 UTC 
Created virglrenderer tracking bugs for this issue:

Affects: fedora-all [bug 1784715]
Comment 4 Product Security DevOps Team 2019-12-18 08:09:24 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-18392
Comment 5 Prasad Pandit 2020-08-26 17:22:49 UTC 
This issue is fixed via upstream patch set along with other issues, this is not a separate bug.
 -> https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/314
Note You need to log in before you can comment on or make changes to this bug.