Bug 472280 (CVE-2013-1872) - <media-libs/mesa-9.1.4: "remove_dead_constants()" Memory Corruption Vulnerability (CVE-2013-1872)
Alias: CVE-2013-1872
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: A3 [glsa]
Depends on: 475480 487964 488018
Reported: 2013-06-04 13:28 UTC by Agostino Sarubbo
Modified: 2014-04-08 09:28 UTC
Description Agostino Sarubbo gentoo-dev 2013-06-04 13:28:22 UTC
From ${URL} :

A vulnerability has been reported in Mesa, which can be exploited by malicious people to compromise an application using the library.

The vulnerability is caused due to an input validation error within the "remove_dead_constants()" function (/mesa/drivers/dri/i965/brw_fs.cpp) when handling certain shader values, which can be exploited to cause an out-of-bounds write and corrupt memory.

NOTE: This vulnerability affects the Intel platform only.

Fixed in the GIT repository.
Further details available to Secunia VIM customers

Provided and/or discovered by
Reported by the vendor.

Original Advisory

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 1 Chí-Thanh Christopher Nguyễn gentoo-dev 2013-06-30 12:58:26 UTC
This is fixed in master and 9.1 branch

It will be included in mesa-9.1.4 which is expected soon.
Comment 2 David Heidelberg (okias) 2013-07-20 15:43:48 UTC
9.1.4 is released.
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2013-07-20 17:16:16 UTC
*** Bug 477520 has been marked as a duplicate of this bug. ***
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2013-08-28 23:06:59 UTC
CVE-2013-1872 (
  The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers
  to cause a denial of service (reachable assertion and crash) and possibly
  execute arbitrary code via vectors involving 3d graphics that trigger an
  out-of-bounds array access, related to the fs_visitor::remove_dead_constants
  function.  NOTE: this issue might be related to CVE-2013-0796.
Comment 5 Chí-Thanh Christopher Nguyễn gentoo-dev 2013-10-13 17:03:00 UTC
Vulnerable versions have been removed from the tree or masked. I did not remove all older versions, because some users may still require them.
Comment 6 Chí-Thanh Christopher Nguyễn gentoo-dev 2013-10-21 21:44:38 UTC
I removed the mask again so that visibility requirements are met (bug 487964 and bug 488018). Instead I masked the video_cards_intel and video_cards_i965 flags for <=mesa-9.0.3, which will prevent the vulnerable code from being built. These flags are not useful on ppc/ppc64 anyway.
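
Added example (not part of the bug thread and not Gentoo tooling): a small audit check that combines the condition from the bug title (mesa older than 9.1.4) with the Intel driver flags named in comment 6. The input format, the sample lines and the function names are constructed for illustration; each line is assumed to list a package atom followed by its enabled flags.

```python
import re

FIXED = (9, 1, 4)  # first fixed release, per the bug title
INTEL_FLAGS = {"video_cards_intel", "video_cards_i965"}  # flags named in comment 6

# Constructed sample: "category/package-version flag flag ..." (not real system output)
SAMPLE = """\
media-libs/mesa-9.0.3 video_cards_intel video_cards_i965 egl
media-libs/mesa-9.0.3 video_cards_radeon egl
media-libs/mesa-9.1.2-r1 video_cards_i965
media-libs/mesa-9.1.4 video_cards_intel video_cards_i965
media-libs/mesa-10.0.4 video_cards_intel
x11-libs/libdrm-2.4.46 video_cards_intel
"""

# Assumption: only plain numeric versions with an optional -rN revision are
# handled; suffixes such as _rc1 do not match and need separate review.
ATOM = re.compile(r"^media-libs/mesa-(\d+(?:\.\d+)*)(?:-r\d+)?$")

def parse_version(atom):
    """Return the numeric version tuple of a mesa atom, or None for other packages."""
    m = ATOM.match(atom)
    if m is None:
        return None
    return tuple(int(p) for p in m.group(1).split("."))

def affected(line):
    """True if the line is mesa older than 9.1.4 with an Intel driver flag enabled."""
    atom, *flags = line.split()
    version = parse_version(atom)
    if version is None:
        return False
    # Pad so that e.g. (9, 1) compares as 9.1.0 against 9.1.4.
    version += (0,) * (len(FIXED) - len(version))
    return version < FIXED and bool(INTEL_FLAGS & set(flags))

def audit(text):
    """Return the atoms in `text` that meet the affected condition."""
    return [l.split()[0] for l in text.splitlines() if l.strip() and affected(l)]

if __name__ == "__main__":
    for atom in audit(SAMPLE):
        print("affected:", atom)
```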
Comment 7 Chí-Thanh Christopher Nguyễn gentoo-dev 2014-03-26 12:13:05 UTC
Vulnerable versions have been p.masked.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2014-04-08 09:28:09 UTC
This issue was resolved and addressed in
 GLSA 201404-06 at
by GLSA coordinator Mikle Kolyada (Zlogene).