The parse_instruction function in gallium/auxiliary/tgsi/tgsi_text.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and process crash) via a crafted texture instruction.
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
| Link | Tags |
|---|---|
| https://security.gentoo.org/glsa/201707-06 | vendor advisory |
| https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html | mailing list third party advisory release notes |
| https://cgit.freedesktop.org/virglrenderer/commit/src/gallium/auxiliary/tgsi/tgsi_text.c?id=28894a30a17a84529be102b21118e55d6c9f23fa | third party advisory patch |
| http://www.securityfocus.com/bid/95782 | third party advisory vdb entry |
| http://www.openwall.com/lists/oss-security/2017/01/24/5 | patch mailing list third party advisory |
| http://www.openwall.com/lists/oss-security/2017/01/25/5 | third party advisory mailing list |