VDB
ALPINE-CVE-2017-5857
ALPINE-CVE-2017-5857
PUBLISHED
CVSS 6.5 MEDIUM
Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_UNREF commands sent without detaching the backing storage beforehand.
Risk Scores
CVSS v3.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.8 | qemu | 2.5.1-r0, 2.2.1-r0, 2.1.3-r0 |
| Alpine:v3.9 | qemu | 1.0-r3, 1.5.1-r1, 1.4.1-r0 |
| Alpine:v3.7 | qemu | 2.4.1-r0, 1.1.0-r0, 0 |
| Alpine:v3.6 | qemu | 1.3.1-r0, 1.3.0-r0, 1.2.2-r0 |
| Alpine:v3.10 | qemu | 1.1.1-r0, 0.11.1-r1, 0.12.5-r0 |
| Alpine:v3.5 | qemu | 0.10.6-r0, 2.8.0-r1, 2.8.0-r0 |
Timeline
- Mar 16, 2017 CVE Published
- Nov 19, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch