Lucene search

[email protected]CVE-2017-6210

HistoryMar 15, 2017 - 2:59 p.m.

CVE-2017-6210

2017-03-1514:59:00

CWE-476

[email protected]

web.nvd.nist.gov

cve-2017-6210

vrend_decode_reset

vrend_decode.c

virglrenderer

denial of service

null pointer dereference

qemu process crash

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.9%

JSON

The vrend_decode_reset function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (NULL pointer dereference and QEMU process crash) by destroying context 0 (zero).

Affected configurations

NVD

Node

virglrenderer_projectvirglrendererRange≤0.5.0

CPENameOperatorVersion
virglrenderer_project:virglrenderervirglrenderer project virglrendererle0.5.0

CPE	Name	Operator	Version
virglrenderer_project:virglrenderer	virglrenderer project virglrenderer	le	0.5.0

References

www.openwall.com/lists/oss-security/2017/02/23/21

www.securityfocus.com/bid/96439

bugzilla.redhat.com/show_bug.cgi?id=1426170

cgit.freedesktop.org/virglrenderer/commit/?id=0a5dff15912207b83018485f83e067474e818bab

lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html

security.gentoo.org/glsa/201707-06

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.9%

JSON

Related for CVE-2017-6210

nvd1 osv1 prion1 ubuntucve1 cvelist1 debiancve1 nessus3 gentoo1 openvas1