Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2017-5578

Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.

Related bugs and status

CVE-2017-5578 (Candidate) is related to these bugs:

Bug #1647389: Regression: Live migrations can still crash after CVE-2016-5403 fix

Summary				In	Importance	Status
	1647389	Regression: Live migrations can still crash after CVE-2016-5403 fix		qemu (Ubuntu)	High	Fix Released
	1647389	Regression: Live migrations can still crash after CVE-2016-5403 fix		qemu (Ubuntu Xenial)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.securityfoc...
MISC: https://security.gento...
MISC: http://www.openwall.co...
MISC: http://www.openwall.co...
MISC: http://git.qemu.org/?p...