CVE-2016-10214 — Missing Release of Memory after Effective Lifetime in Project Virglrenderer

CWE-3997 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 79.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Virglrenderer Project Virglrenderer

Timeline

PublishedMar 20

Latest updateMay 17

Description

Memory leak in the virgl_resource_attach_backing function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages2 packages

▶Debianvirglrenderer_project/virglrenderer< 0.6.0-1+3

▶NVDvirglrenderer_project/virglrenderer0.5.0

Patches

Patch: www.openwall.com ↗Patch: cgit.freedesktop.org ↗Patch: lists.freedesktop.org ↗

🔴Vulnerability Details

GHSA

GHSA-chcj-vq6f-3pfm: Memory leak in the virgl_resource_attach_backing function in virglrenderer before 0↗2022-05-17

▶

CVEList

CVE-2016-10214: Memory leak in the virgl_resource_attach_backing function in virglrenderer before 0↗2017-03-20

▶

OSV

CVE-2016-10214: Memory leak in the virgl_resource_attach_backing function in virglrenderer before 0↗2017-03-20

▶

📋Vendor Advisories

Debian

CVE-2016-10214: virglrenderer - Memory leak in the virgl_resource_attach_backing function in virglrenderer befor...↗2016

▶

💬Community

Bugzilla

CVE-2016-10214 virglrenderer: host memory leak issue in virgl_resource_attach_backing [fedora-all]↗2017-02-08

▶

Bugzilla

CVE-2016-10214 virglrenderer: host memory leak issue in virgl_resource_attach_backing↗2017-02-08

▶