CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2019-18390
https://notcve.org/view.php?id=CVE-2019-18390
An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands. Una lectura fuera de límites en la función vrend_blit_need_swizzle en el archivo vrend_renderer.c en virglrenderer versiones hasta 0.8.0, permite a usuarios invitados del sistema operativo causar una denegación de servicio por medio de los comandos VIRGL_CCMD_BLIT. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html https://access.redhat.com/security/cve/cve-2019-18390 https://bugzilla.redhat.com/show_bug.cgi?id=1765584 https://gitlab.freedesktop.org/virgl/virglrenderer/commit/24f67de7a9088a873844a39be03cee6882260ac9 https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#3cd772559e0d73afa136d6818023cfd0c4c8ecc0_0_151 https://lists.debian.org/debian-lts-announce/2022/12/msg00017.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10214
https://notcve.org/view.php?id=CVE-2016-10214
Memory leak in the virgl_resource_attach_backing function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands. Fuga de memoria en la función virgl_resource_attach_backing en virglrenderer en versiones anteriores a 0.6.0 permite a usuarios invitados locales del SO provocar una denegación de servicio (consumo de memoria) a través de un número grande de comandos VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands. • http://www.openwall.com/lists/oss-security/2017/02/09/5 http://www.securityfocus.com/bid/96181 https://cgit.freedesktop.org/virglrenderer/commit/?id=40b0e7813325b08077b6f541b3989edb2d86d837 https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html https://security.gentoo.org/glsa/201707-06 • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5956
https://notcve.org/view.php?id=CVE-2017-5956
The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors involving vertext_buffer_index. La función vrend_draw_vbo en virglrenderer en versiones anteriores a 0.6.0 permiten a usuarios invitados locales OS provocar una denegación de servicio (acceso a matriz fuera de límites y QEMU bloqueo de proceso) a través de vectores involucrando vertext_buffer_index. • http://www.openwall.com/lists/oss-security/2017/02/13/2 http://www.securityfocus.com/bid/96187 https://cgit.freedesktop.org/virglrenderer/commit/?id=a5ac49940c40ae415eac0cf912eac7070b4ba95d https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html https://security.gentoo.org/glsa/201707-06 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5937
https://notcve.org/view.php?id=CVE-2017-5937
The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d project (aka virglrenderer) 0.6.0 and earlier allows local guest OS users to cause a denial of service (NULL pointer dereference) via a crafted VIRGL_CCMD_CLEAR command. La función util_format_is_pure_uint en vrend_renderer.c en el proyecto Virgil 3d (también conocido como virglrenderer) 0.6.0 y versiones anteriores permite a usuarios locales de SO invitado provocar una denegación de servicio (referencia a puntero NULL) a través de un comando VIRGL_CCMD_CLEAR manipulado. • http://www.openwall.com/lists/oss-security/2017/02/09/4 http://www.securityfocus.com/bid/96180 https://bugzilla.redhat.com/show_bug.cgi?id=1420246 https://cgit.freedesktop.org/virglrenderer/commit/?id=48f67f60967f963b698ec8df57ec6912a43d6282 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5580
https://notcve.org/view.php?id=CVE-2017-5580
The parse_instruction function in gallium/auxiliary/tgsi/tgsi_text.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and process crash) via a crafted texture instruction. La función parse_instruction en gallium/auxiliar/tgsi/tgsi_text.c en virglrenderer en versiones anteriores a 0.6.0 permite a usuarios locales del SO invitado provocar una denegación de servicio (acceso al array fuera de límites y caída del proceso) a través de una instrucción de textura manipulada. • http://www.openwall.com/lists/oss-security/2017/01/24/5 http://www.openwall.com/lists/oss-security/2017/01/25/5 http://www.securityfocus.com/bid/95782 https://cgit.freedesktop.org/virglrenderer/commit/src/gallium/auxiliary/tgsi/tgsi_text.c?id=28894a30a17a84529be102b21118e55d6c9f23fa https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html https://security.gentoo.org/glsa/201707-06 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •