CVE-2017-5994 : Heap-based buffer overflow in the vrend_create_vertex_elements

Heap-based buffer overflow in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and crash) via the num_elements parameter.

Published 2017-03-15 14:59:01

Updated 2017-07-11 01:33:46

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowDenial of service

Products affected by CVE-2017-5994

Virglrenderer Project » Virglrenderer
Versions up to, including, (<=) 0.5.0
cpe:2.3:a:virglrenderer_project:virglrenderer:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-5994

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 19 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-5994

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:N/I:N/A:P	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2017-5994

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-5994

http://www.openwall.com/lists/oss-security/2017/02/15/8

oss-security - CVE-2017-5994 Virglrenderer: out-of-bounds access in vrend_create_vertex_elements_state
Mailing List;Patch;Third Party Advisory
https://security.gentoo.org/glsa/201707-06

virglrenderer: Multiple vulnerabilities (GLSA 201707-06) — Gentoo security

CVEs referencing this url
https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html

[virglrenderer-devel] [ANNOUNCE] virglrenderer 0.6.0
Patch

CVEs referencing this url
https://cgit.freedesktop.org/virglrenderer/commit/?id=114688c526fe45f341d75ccd1d85473c3b08f7a7

virglrenderer - VirGL virtual OpenGL renderer (mirrored from https://gitlab.freedesktop.org/virgl/virglrenderer)
Patch
https://bugzilla.redhat.com/show_bug.cgi?id=1422452

1422452 – (CVE-2017-5994) CVE-2017-5994 Virglrenderer: out-of-bounds access in vrend_create_vertex_elements_state
Issue Tracking;Patch;Third Party Advisory
http://www.securityfocus.com/bid/96276

Virglrenderer CVE-2017-5994 Denial of Service Vulnerability
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2017-5994

Products affected by CVE-2017-5994

Exploit prediction scoring system (EPSS) score for CVE-2017-5994

CVSS scores for CVE-2017-5994

CWE ids for CVE-2017-5994

References for CVE-2017-5994