247 matches found
DEBIAN-CVE-2021-3544
Several memory leaks were found in the virtio vhost-user GPU device vhost-user-gpu of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory i.e., free after effective lifetime...
UBUNTU-CVE-2021-3546
An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device vhost-user-gpu of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIOGPUCMDGETCAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on t...
CVE-2016-7994
Memory leak in the virtiogpuresourcecreate2d function in hw/display/virtio-gpu.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service memory consumption via a large number of VIRTIOGPUCMDRESOURCECREATE2D commands...
USN-3414-1 qemu vulnerabilities
Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. CVE-2017-7493 Li Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. A privileged attacker inside the guest could use this...
USN-3392-1 linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon regression
USN-3378-1 fixed vulnerabilities in the Linux kernel. Unfortunately, a regression was introduced that prevented conntrack from working correctly in some situations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Fan Wu and Shixiong Zhao discovered a...
MGASA-2017-0260 Updated kernel-linus packages fixes security and other bugs
This kernel-linus update is based on upstream 4.4.79 and fixes at least the following security issues: Linux kernel built with the VirtIO GPU driverCONFIGDRMVIRTIOGPU support is vulnerable to a memory leakage issue. It could occur while creating a virtio gpu object in virtiogpuobjectcreate. A...
Updated kernel-linus packages fixes security and other bugs
This kernel-linus update is based on upstream 4.9.40 and fixes at least the following security issues: Linux kernel built with the VirtIO GPU driverCONFIGDRMVIRTIOGPU support is vulnerable to a memory leakage issue. It could occur while creating a virtio gpu object in virtiogpuobjectcreate. A...
Updated kernel-tmb packages fixes security and other bugs
This kernel-tmb update is based on upstream 4.4.79 and fixes at least the following security issues: Linux kernel built with the VirtIO GPU driverCONFIGDRMVIRTIOGPU support is vulnerable to a memory leakage issue. It could occur while creating a virtio gpu object in virtiogpuobjectcreate. A...
Updated kernel-tmb packages fixes security and other bugs
This kernel-tmb update is based on upstream 4.9.40 and fixes at least the following security issues: Linux kernel built with the VirtIO GPU driverCONFIGDRMVIRTIOGPU support is vulnerable to a memory leakage issue. It could occur while creating a virtio gpu object in virtiogpuobjectcreate. A...
Debian DSA-3927-1 : linux - security update (Stack Clash)
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2017-7346 Li Qiang discovered that the DRM driver for VMware virtual GPUs does not properly check user-controlled values in the...
Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3377-2)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3377-2 advisory. USN-3377-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement H...
Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3377-1) (Stack Clash)
Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2017-7533 It was discovered that the Linux kernel did n...
Updated kernel packages fixes security and other bugs
This kernel update is based on upstream 4.4.79 and fixes at least the following security issues: Linux kernel built with the VirtIO GPU driverCONFIGDRMVIRTIOGPU support is vulnerable to a memory leakage issue. It could occur while creating a virtio gpu object in virtiogpuobjectcreate. A...
USN-3378-2 linux-lts-xenial vulnerabilities
USN-3378-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs...
USN-3377-2 linux-hwe vulnerabilities
USN-3377-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename...
USN-3378-1 linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities
Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2017-7533 It was discovered that the Linux kernel did n...
USN-3378-1: Linux kernel vulnerabilities
Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2017-7533 It was discovered that the Linux kernel did n...
Fedora 25 : 2:qemu (2017-f941184db1)
CVE-2017-7718: cirrus: OOB read access issue bz 1443443 - CVE-2016-9603: cirrus: heap buffer overflow via vnc connection bz 1432040 - CVE-2017-7377: 9pfs: fix file descriptor leak bz 1437872 - CVE-2017-7980: cirrus: OOB r/w access issues in bitblt bz 1444372 - CVE-2017-8112: vmwpvscsi: infinite...
Linux Kernel 'virtio_gpu_object_create' Function Denial of Service Vulnerability
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A denial of service vulnerability exists in the 'virtiogpuobjectcreate' function in the drivers/gpu/drm/virtio/virtgpuobject.c file in Linux kernel 4.11.8 and earlier. An...
CVE-2017-10810
Memory leak in the virtiogpuobjectcreate function in drivers/gpu/drm/virtio/virtgpuobject.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service memory consumption by triggering object-initialization failures...