CVE-2017-5578

Published: 15 March 2017

Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.

Priority

CVSS 3 base score: 6.5

Status

Package	Release	Status
qemu Launchpad, Ubuntu, Debian	Upstream	Needs triage




	Ubuntu 16.04 ESM (Xenial Xerus)	Released (1:2.5+dfsg-5ubuntu10.11)
	Ubuntu 14.04 ESM (Trusty Tahr)	Not vulnerable (code not present)
	Patches: Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=204f01b30975923c64006f8067f0937b91eea68b
qemu-kvm Launchpad, Ubuntu, Debian	Upstream	Needs triage




	Ubuntu 16.04 ESM (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist

References

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=1415795

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›