CVE-2017-6386

Published: Mar 15, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Exploitability: 2.0 / Impact: 4.0

Source: NVD

Description

Memory leak in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRGL_OBJECT_VERTEX_ELEMENTS commands.

Affected (1)

Products: Virglrenderer Project: Virglrenderer

Virglrenderer Project

1 product

Virglrenderer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Virglrenderer Project Virglrenderer	Before 0.8.0

Related CWEs

CWE-772

Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

References (10)

http://www.openwall.com/lists/oss-security/2017/03/01/7

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/96506

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1427472

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://cgit.freedesktop.org/virglrenderer/commit/?id=737c3350850ca4dbc5633b3bdb4118176ce59920

Source: cve@mitre.org

PatchThird Party Advisory

https://security.gentoo.org/glsa/201707-06

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2017/03/01/7