CVE-2017-5994

MEDIUM

Virglrenderer < 0.5.0 - Memory Corruption

Title source: rule

Description

Heap-based buffer overflow in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and crash) via the num_elements parameter.

References (6)

[Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2017/02/15/8

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96276

[Issue Tracking, Patch, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1422452

[Patch] https://cgit.freedesktop.org/virglrenderer/commit/?id=114688c526fe45f341d75ccd1d85473c3b08f7a7

[Patch] https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html

[Third Party Advisory] https://security.gentoo.org/glsa/201707-06

Scores

CVSS v3 5.5

EPSS 0.0007

EPSS Percentile 21.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-119

Status published

Affected Products (2)

virglrenderer_project/virglrenderer < 0.5.0

n/a/n/a

Timeline

Published Mar 15, 2017

Tracked Since Feb 18, 2026