Bug 1216924 - VUL-0: Google Chromium Vulkan SwiftShader Double Free Remote Code Execution Vulnerability
Summary: VUL-0: Google Chromium Vulkan SwiftShader Double Free Remote Code Execution V...
Status: RESOLVED DUPLICATE of bug 1216783
Alias: None
Product: openSUSE Distribution
Classification: openSUSE
Component: Security (show other bugs)
Version: Leap 15.6
Hardware: Other Other
: P3 - Medium : Normal (vote)
Target Milestone: ---
Assignee: Callum Farmer
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/384274/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-11-07 04:09 UTC by SMASH SMASH
Modified: 2023-11-11 16:10 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2023-11-07 04:09:44 UTC 
This vulnerability allows remote attackers to execute arbitrary code on affected
installations of Google Chromium-based browsers. User interaction is required to
exploit this vulnerability in that the target must visit a malicious page or
open a malicious file.

The specific flaw exists within Vulkan SwiftShader. The issue results from the
lack of validating the existence of an object prior to performing further free
operations on the object. An attacker can leverage this vulnerability to execute
code in the context of the current process.

Fixed in Chrome
117https://swiftshader-review.googlesource.com/c/SwiftShader/+/71928
Comment 1 Andreas Stieger 2023-11-11 16:10:51 UTC 
This is fixed at least as part of bug 1216783

*** This bug has been marked as a duplicate of bug 1216783 ***