All errata/p10/ALT-PU-2024-2056-2
ALT-PU-2024-2056-2

Package update libvirglrenderer in branch p10

Version1.0.1-alt2
Task#340222
Published2024-02-16
Max severityHIGH
Severity:

Closed issues (2)

CVE-2022-0135
HIGH7.8

An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution.

Published: 2022-08-25Modified: 2024-11-21
CVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
CVE-2022-0175
MEDIUM5.5

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.

Published: 2022-08-26Modified: 2024-11-21
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References