Bug 1017085 - VUL-0: CVE-2016-10028: xen: display: virtio-gpu-3d: OOB access while reading virgl capabilities
Status: RESOLVED UPSTREAM
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/178064/
CVSSv2:SUSE:CVE-2016-10028:4.7:(AV:L/...
Depends on: CVE-2016-10028
Reported: 2016-12-23 08:58 UTC by Alexander Bergmann
Modified: 2021-05-20 09:54 UTC
Found By: Security Response Team
Description Alexander Bergmann 2016-12-23 08:58:01 UTC
+++ This bug was initially created as a clone of Bug #1017084 +++

Please check if the qemu Xen code is affected by this.

rh#1406367

Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is
vulnerable to an out of bounds memory access issue. It could occur while
processing 'VIRTIO_GPU_CMD_GET_CAPSET' command.

A guest user/process could use this flaw to crash the Qemu process instance
on a host, resulting in DoS.

Upstream patch:
https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html

Reference:
http://www.openwall.com/lists/oss-security/2016/12/20/1

Acknowledgments:
Name: Hongzhenhao Qinghao Tang - Marvel Team (360.cn)

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1406367
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10028
http://seclists.org/oss-sec/2016/q4/741
Comment 1 Swamp Workflow Management 2016-12-23 23:01:01 UTC
bugbot adjusting priority
Comment 2 Charles Arnold 2017-01-04 20:30:35 UTC
No version of Xen that we ship with the upstream qemu has this code.
Comment 3 Marcus Meissner 2017-10-25 18:02:30 UTC
thanks!