CVE-2019-18390 — Out-of-bounds Read in Project Virglrenderer

CWE-125 — Out-of-bounds Read8 documents7 sources

Severity

7.1HIGHNVD

EPSS

0.1%

top 70.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Virglrenderer Project Virglrenderer Debian Linux Opensuse Leap +1 more

Timeline

PublishedDec 23

Latest updateMay 24

Description

An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages3 packages

▶Debianvirglrenderer_project/virglrenderer< 0.8.1-1+3

▶NVDvirglrenderer_project/virglrenderer0.8.0

▶NVDopensuse/leap15.1

Also affects: Debian Linux 10.0, Enterprise Linux 8.0

Patches

Patch: bugzilla.redhat.com ↗Patch: gitlab.freedesktop.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-gp3m-wg52-v97j: An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer↗2022-05-24

▶

OSV

CVE-2019-18390: An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer↗2019-12-23

▶

CVEList

CVE-2019-18390: An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer↗2019-12-23

▶

📋Vendor Advisories

Red Hat

virglrenderer: out-of-bounds read in the vrend_blit_need_swizzle may lead to DoS↗2019-10-08

▶

Debian

CVE-2019-18390: virglrenderer - An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer....↗2019

▶

💬Community

Bugzilla

CVE-2019-18390 virglrenderer: out-of-bounds read in the vrend_blit_need_swizzle may lead to DoS [fedora-all]↗2019-12-18

▶

Bugzilla

CVE-2019-18390 virglrenderer: out-of-bounds read in the vrend_blit_need_swizzle may lead to DoS↗2019-10-25

▶