CVE-2022-0135 — Out-of-bounds Write in Project Virglrenderer

CWE-787 — Out-of-bounds Write10 documents9 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 66.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Virglrenderer Project Virglrenderer Debian Linux Redhat Enterprise Linux

Timeline

PublishedAug 25

Latest updateJan 10

Description

An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDvirglrenderer_project/virglrenderer0.8.1 — 0.10.0

▶Debianvirglrenderer_project/virglrenderer< 0.8.2-5+deb11u1+3

▶Ubuntuvirglrenderer_project/virglrenderer< 0.8.2-1ubuntu1.1

▶CVEListV5virglrenderer_project/virglrenderervirglrenderer 0.8.1 and after

Also affects: Debian Linux 10.0, Enterprise Linux 8.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-675w-gw5p-29g9: An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer)↗2022-08-26

▶

CVEList

CVE-2022-0135: An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer)↗2022-08-25

▶

OSV

CVE-2022-0135: An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer)↗2022-08-25

▶

OSV

virglrenderer vulnerabilities↗2022-02-28

▶

📋Vendor Advisories

Chrome

Stable Channel Update for Desktop: CVE-2023-0134↗2023-01-10

▶

Microsoft

▶

Ubuntu

virglrenderer vulnerabilities↗2022-02-28

▶

Debian

CVE-2022-0135: virglrenderer - An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (vir...↗2022

▶

Red Hat

virglrenderer: out-of-bounds write in read_transfer_data()↗2021-12-14

▶