Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 607174

Summary: app-emulation/qemu: Virglrenderer: OOB access while parsing instruction
Product: Gentoo Security Reporter: Francis Booth <boothf>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: normal CC: qemu+disabled
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://lists.freedesktop.org/archives/virglrenderer-devel/2017-January/000105.html
Whiteboard: B3 [ebuild]
Package list:
Runtime testing required: ---

Description Francis Booth 2017-01-25 12:43:48 UTC 
Virgil 3d project, used by Quick Emulator(Qemu) to implement 3D GPU support
for the virtio GPU, is vulnerable to an OOB array access issue. It could occur
when parsing texture instructions in parse_instruction().

A guest user/process could use this flaw to crash the Qemu process instance
resulting DoS.

Upstream patch:
---------------
  -> https://lists.freedesktop.org/archives/virglrenderer-devel/2017-January/000105.html

Reproducible: Always
Comment 1 Agostino Sarubbo gentoo-dev 2017-01-25 14:50:47 UTC 

*** This bug has been marked as a duplicate of bug 607022 ***