Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2017:0902-1

Опубликовано: 31 мар. 2017
Источник: suse-cvrf

Описание

Security update for virglrenderer

This update for virglrenderer fixes the following issues:

Security issues fixed:

  • CVE-2017-6386: memory leakage while in vrend_create_vertex_elements_state (bsc#1027376)
  • CVE-2017-6355: integer overflow while creating shader object (bsc#1027108)
  • CVE-2017-6317: fix memory leak in add shader program (bsc#1026922)
  • CVE-2017-6210: null pointer dereference in vrend_decode_reset (bsc#1026725)
  • CVE-2017-6209: stack buffer oveflow in parse_identifier (bsc#1026723)
  • CVE-2017-5994: out-of-bounds access in vrend_create_vertex_elements_state (bsc#1025507)
  • CVE-2017-5993: host memory leakage when initialising blitter context (bsc#1025505)
  • CVE-2017-5957: stack overflow in vrend_decode_set_framebuffer_state (bsc#1024993)
  • CVE-2017-5956: OOB access while in vrend_draw_vbo (bsc#1024992)
  • CVE-2017-5937: null pointer dereference in vrend_clear (bsc#1024232)
  • CVE-2017-5580: OOB access while parsing texture instruction (bsc#1021627)
  • CVE-2016-10214: host memory leak issue in virgl_resource_attach_backing (bsc#1024244)
  • CVE-2016-10163: host memory leakage when creating decode context (bsc#1021616)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Список пакетов

openSUSE Leap 42.2
libvirglrenderer0-0.5.0-3.3.1
virglrenderer-0.5.0-3.3.1
virglrenderer-devel-0.5.0-3.3.1
virglrenderer-test-server-0.5.0-3.3.1

Ссылки

Описание

Memory leak in the vrend_renderer_context_create_internal function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) by repeatedly creating a decode context.

Затронутые продукты
openSUSE Leap 42.2:libvirglrenderer0-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-devel-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-test-server-0.5.0-3.3.1
Ссылки

Описание

Memory leak in the virgl_resource_attach_backing function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.

Затронутые продукты
openSUSE Leap 42.2:libvirglrenderer0-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-devel-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-test-server-0.5.0-3.3.1
Ссылки

Описание

The parse_instruction function in gallium/auxiliary/tgsi/tgsi_text.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and process crash) via a crafted texture instruction.

Затронутые продукты
openSUSE Leap 42.2:libvirglrenderer0-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-devel-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-test-server-0.5.0-3.3.1
Ссылки

Описание

The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d project (aka virglrenderer) 0.6.0 and earlier allows local guest OS users to cause a denial of service (NULL pointer dereference) via a crafted VIRGL_CCMD_CLEAR command.

Затронутые продукты
openSUSE Leap 42.2:libvirglrenderer0-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-devel-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-test-server-0.5.0-3.3.1
Ссылки

Описание

The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors involving vertext_buffer_index.

Затронутые продукты
openSUSE Leap 42.2:libvirglrenderer0-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-devel-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-test-server-0.5.0-3.3.1
Ссылки

Описание

Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows a local guest users to cause a denial of service (application crash) via the "nr_cbufs" argument.

Затронутые продукты
openSUSE Leap 42.2:libvirglrenderer0-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-devel-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-test-server-0.5.0-3.3.1
Ссылки

Описание

Memory leak in the vrend_renderer_init_blit_ctx function in vrend_blitter.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRGL_CCMD_BLIT commands.

Затронутые продукты
openSUSE Leap 42.2:libvirglrenderer0-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-devel-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-test-server-0.5.0-3.3.1
Ссылки

Описание

Heap-based buffer overflow in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and crash) via the num_elements parameter.

Затронутые продукты
openSUSE Leap 42.2:libvirglrenderer0-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-devel-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-test-server-0.5.0-3.3.1
Ссылки

Описание

Stack-based buffer overflow in the parse_identifier function in tgsi_text.c in the TGSI auxiliary module in the Gallium driver in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to parsing properties.

Затронутые продукты
openSUSE Leap 42.2:libvirglrenderer0-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-devel-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-test-server-0.5.0-3.3.1
Ссылки

Описание

The vrend_decode_reset function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (NULL pointer dereference and QEMU process crash) by destroying context 0 (zero).

Затронутые продукты
openSUSE Leap 42.2:libvirglrenderer0-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-devel-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-test-server-0.5.0-3.3.1
Ссылки

Описание

Memory leak in the add_shader_program function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via vectors involving the sprog variable.

Затронутые продукты
openSUSE Leap 42.2:libvirglrenderer0-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-devel-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-test-server-0.5.0-3.3.1
Ссылки

Описание

Integer overflow in the vrend_create_shader function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (process crash) via crafted pkt_length and offlen values, which trigger an out-of-bounds access.

Затронутые продукты
openSUSE Leap 42.2:libvirglrenderer0-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-devel-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-test-server-0.5.0-3.3.1
Ссылки

Описание

Memory leak in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRGL_OBJECT_VERTEX_ELEMENTS commands.

Затронутые продукты
openSUSE Leap 42.2:libvirglrenderer0-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-devel-0.5.0-3.3.1
openSUSE Leap 42.2:virglrenderer-test-server-0.5.0-3.3.1
Ссылки
Уязвимость openSUSE-SU-2017:0902-1