Vulnerability Details : CVE-2017-6209
Stack-based buffer overflow in the parse_identifier function in tgsi_text.c in the TGSI auxiliary module in the Gallium driver in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to parsing properties.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2017-6209
- cpe:2.3:a:virglrenderer_project:virglrenderer:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-6209
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 30 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-6209
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
3.9
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H |
2.0
|
4.0
|
NIST |
CWE ids for CVE-2017-6209
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-6209
-
https://security.gentoo.org/glsa/201707-06
virglrenderer: Multiple vulnerabilities (GLSA 201707-06) — Gentoo security
-
https://bugzilla.redhat.com/show_bug.cgi?id=1426149
1426149 – (CVE-2017-6209) CVE-2017-6209 Virglrenderer: stack buffer oveflow in parse_identifierIssue Tracking;Patch
-
https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html
[virglrenderer-devel] [ANNOUNCE] virglrenderer 0.6.0Patch
-
https://cgit.freedesktop.org/virglrenderer/commit/?id=e534b51ca3c3cd25f3990589932a9ed711c59b27
virglrenderer - VirGL virtual OpenGL renderer (mirrored from https://gitlab.freedesktop.org/virgl/virglrenderer)Patch
-
http://www.openwall.com/lists/oss-security/2017/02/23/20
oss-security - CVE-2017-6209 Virglrenderer: stack buffer oveflow in parse_identifierMailing List;Patch
-
http://www.securityfocus.com/bid/96437
Virglrenderer CVE-2017-6209 Stack Buffer Overflow VulnerabilityThird Party Advisory;VDB Entry
Jump to