CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-0135
https://notcve.org/view.php?id=CVE-2022-0135
An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution. Se ha encontrado un problema de escritura fuera de límites en el renderizador virtual OpenGL de VirGL (virglrenderer). Este defecto permite a un invitado malicioso crear un recurso virgil especialmente diseñado y luego emitir un ioctl VIRTGPU_EXECBUFFER, conllevando a una denegación de servicio o a una posible ejecución de código. • https://bugzilla.redhat.com/show_bug.cgi?id=2037790 https://lists.debian.org/debian-lts-announce/2022/12/msg00017.html https://security.gentoo.org/glsa/202210-05 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-0175
https://notcve.org/view.php?id=CVE-2022-0175
A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure. Se encontró un fallo en VirGL virtual OpenGL renderer (virglrenderer). El virgl no inicializaba apropiadamente la memoria cuando asignaba un recurso de memoria respaldado por el host. • https://access.redhat.com/security/cve/CVE-2022-0175 https://bugzilla.redhat.com/show_bug.cgi?id=2039003 https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654 https://security-tracker.debian.org/tracker/CVE-2022-0175 https://security.gentoo.org/glsa/202210-05 • CWE-909: Missing Initialization of Resource •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-8003
https://notcve.org/view.php?id=CVE-2020-8003
A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a free. Una vulnerabilidad de doble liberación en el archivo vrend_renderer.c en virglrenderer versiones hasta 0.8.1, permite a atacantes causar una denegación de servicio al desencadenar un fallo de asignación de textura, porque vrend_renderer_resource_allocated_texture no es un lugar apropiado para una liberación. • https://gitlab.freedesktop.org/virgl/virglrenderer/commit/f9b079ccc319c98499111f66bd654fc9b56cf15f?merge_request_iid=340 https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340 https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=3320973c9f2068f60cf6613c2811a8824781878a https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=f9b079ccc319c98499111f66bd654fc9b56cf15f https://lists.debian.org/debian-lts-announce/2022/12/msg00017.html • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-8002
https://notcve.org/view.php?id=CVE-2020-8002
A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a Compute Shader (CS). Una desreferencia del puntero NULL en el archivo vrend_renderer.c en virglrenderer versiones hasta 0.8.1, permite a atacantes causar una denegación de servicio por medio de comandos que intentan iniciar una cuadricula sin proveer previamente un Compute Shader (CS). • https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340 https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=572a36879701598fa727f50313508be99865b58f https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=725e12beba4a41934f0ab62d399b5d4de2d13190 https://lists.debian.org/debian-lts-announce/2022/12/msg00017.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-18388
https://notcve.org/view.php?id=CVE-2019-18388
A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands. Una desreferencia del puntero NULL en el archivo vrend_renderer.c en virglrenderer versiones hasta 0.8.0, permite a usuarios invitados del sistema operativo causar una denegación de servicio por medio de comandos malformados. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html https://access.redhat.com/security/cve/cve-2019-18388 https://bugzilla.redhat.com/show_bug.cgi?id=1765578 https://gitlab.freedesktop.org/virgl/virglrenderer/commit/0d9a2c88dc3a70023541b3260b9f00c982abda16 https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#diff-content-3cd772559e0d73afa136d6818023cfd0c4c8ecc0 https://lists.debian.org/debian-lts-announce/2022/12/msg00017.html • CWE-476: NULL Pointer Dereference •