CVE-2017-5937 - The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d project (aka virglrenderer) 0

CVE-2017-5937

Summary

The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d project (aka virglrenderer) 0.6.0 and earlier allows local guest OS users to cause a denial of service (NULL pointer dereference) via a crafted VIRGL_CCMD_CLEAR command.

References

Vulnerable Configurations

cpe:2.3:a:virglrenderer_project:virglrenderer:-:*:*:*:*:*:*:*
cpe:2.3:a:virglrenderer_project:virglrenderer:-:*:*:*:*:*:*:*
cpe:2.3:a:virglrenderer_project:virglrenderer:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:virglrenderer_project:virglrenderer:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:virglrenderer_project:virglrenderer:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:virglrenderer_project:virglrenderer:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:virglrenderer_project:virglrenderer:0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:virglrenderer_project:virglrenderer:0.5.0:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 17-03-2017 - 13:21)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	96180
confirm	https://bugzilla.redhat.com/show_bug.cgi?id=1420246 https://cgit.freedesktop.org/virglrenderer/commit/?id=48f67f60967f963b698ec8df57ec6912a43d6282
mlist	[oss-security] 20170208 Re: CVE request virglrenderer: null pointer dereference in vrend_clear

Last major update

17-03-2017 - 13:21

Published

15-03-2017 - 19:59

Last modified

17-03-2017 - 13:21