CVE-2017-5552Missing Release of Memory after Effective Lifetime in Qemu

CWE-401Missing Release of Memory after Effective LifetimeCWE-772Missing Release of Resource after Effective Lifetime11 documents7 sources
Severity
6.5MEDIUMNVD
OSV5.5
EPSS
0.2%
top 58.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
QemuDebian Qemu
Timeline
PublishedMar 15
Latest updateMay 13

Description

Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages4 packages

debiandebian/qemu< qemu 1:2.10.0-1 (bookworm)
Debianqemu/qemu< 1:2.10.0-1+3
Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.33+1
NVDqemu/qemu2.8.1.1

Patches

Patch: www.openwall.comPatch: www.openwall.comPatch: www.openwall.com

🔴Vulnerability Details

3
GHSA
GHSA-8fh6-cprr-3rxm: Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d2022-05-13
OSV
qemu vulnerabilities2017-04-20
OSV
CVE-2017-5552: Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d2017-03-15

📋Vendor Advisories

4
Ubuntu
QEMU vulnerabilities2017-04-25
Ubuntu
QEMU vulnerabilities2017-04-20
Red Hat
Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing2017-01-03
Debian
CVE-2017-5552: qemu - Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-g...2017

💬Community

3
Bugzilla
CVE-2017-5552 Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing2017-01-20
Bugzilla
CVE-2017-5552 Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing [fedora-all]2017-01-20
Bugzilla
CVE-2016-5552 OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)2017-01-17