Candidate: CVE-2020-8003
PublicDate: 2020-01-27 05:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8003
Description:
 A double-free vulnerability in vrend_renderer.c in virglrenderer through
 0.8.1 allows attackers to cause a denial of service by triggering texture
 allocation failure, because vrend_renderer_resource_allocated_texture is
 not an appropriate place for a free.
Ubuntu-Description:
Notes:
 mdeslaur> looks like the double-free was introduced here:
 mdeslaur> https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/0d9a2c88dc3a70023541b3260b9f00c982abda16
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949954
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [5.5 MEDIUM]


Patches_virglrenderer:
 upstream: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/522b610a826f6de58c560cbb38fa8dfc65ae3c42
upstream_virglrenderer: released (0.8.2-1)
precise/esm_virglrenderer: DNE
trusty_virglrenderer: ignored (out of standard support)
trusty/esm_virglrenderer: DNE
xenial_virglrenderer: DNE
bionic_virglrenderer: not-affected (0.6.0-2)
eoan_virglrenderer: not-affected (0.7.0-2)
devel_virglrenderer: not-affected (0.8.2-1)