Все бюллетени/sisyphus_riscv64/ALT-PU-2022-6325-1
ALT-PU-2022-6325-1

Обновление пакета libvirglrenderer в ветке sisyphus_riscv64

Версия0.10.3-alt1
Задание#0
Опубликовано2022-09-30
Макс. серьёзностьHIGH
Серьёзность:

Закрытые проблемы (2)

CVE-2022-0135
HIGH7.8

An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution.

Опубликовано: 2022-08-25Изменено: 2024-11-21
CVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Ссылки
CVE-2022-0175
MEDIUM5.5

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.

Опубликовано: 2022-08-26Изменено: 2024-11-21
CVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Ссылки