CVE-2022-0135
Published 2022-08-25
High 7.8 (CVSS 3.1): AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | virglrenderer | < virglrenderer 0.10.0-1 (bookworm) | virglrenderer 0.10.0-1 (bookworm) |
| chrome_chrome | — | — | |
| msrc | azl3_virglrenderer_0.9.1-3_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| redhat | enterprise_linux | — | — |
| virglrenderer_project | virglrenderer | — | — |
| virglrenderer_project | virglrenderer | >= 0 < 0.8.2-5+deb11u1 | 0.8.2-5+deb11u1 |
| virglrenderer_project | virglrenderer | >= 0 < 0.10.0-1 | 0.10.0-1 |
| virglrenderer_project | virglrenderer | >= 0 < 0.10.0-1 | 0.10.0-1 |
| virglrenderer_project | virglrenderer | >= 0 < 0.10.0-1 | 0.10.0-1 |
| virglrenderer_project | virglrenderer | >= 0 < 0.8.2-1ubuntu1.1 | 0.8.2-1ubuntu1.1 |
| virglrenderer_project | virglrenderer | >= 0.8.1 < 0.10.0 | 0.10.0 |
CVSS provenance
nvd: v3.1, 7.8 HIGH, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv: 7.8 HIGH
Chrome
Stable Channel Update for Desktop: CVE-2023-0134
vendor_chrome·2023-01-10·CVSS 8.8
CVE-2023-0134 [MEDIUM] Stable Channel Update for Desktop: CVE-2023-0134
CVE-2023-0134: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-17
[$2500][1385831] Medium CVE-2023-0135: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-18
[$2000][1356987] Medium CVE-2023-0136: Inappropriate implementation in Fullscreen API
Severity: medium
Microsoft
An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_E
vendor_msrc·2022-08-09·CVSS 7.8
CVE-2022-0135 [HIGH] CWE-787
An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl leading to a denial of service or possible code execution.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more infor
Ubuntu
virglrenderer vulnerabilities
vendor_ubuntu·2022-02-28·CVSS 7.8
CVE-2022-0175 [HIGH] virglrenderer vulnerabilities
Title: virglrenderer vulnerabilities
Summary: Several security issues were fixed in virglrenderer.
It was discovered that virglrenderer incorrectly handled memory. An
attacker inside a guest could use this issue to cause virglrenderer to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2022-0135)
It was discovered that virglrenderer incorrectly initialized memory. An
attacker inside a guest could possibly use this issue to obtain sensitive
host information. (CVE-2022-0175)
Instructions: After a standard system update you need to restart all virtual machines to
make all the necessary changes.
Debian
CVE-2022-0135: virglrenderer - An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (vir...
vendor_debian·2022·CVSS 7.8
CVE-2022-0135 [HIGH]
An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution.
Scope: local
bookworm: resolved (fixed in 0.10.0-1)
bullseye: resolved (fixed in 0.8.2-5+deb11u1)
forky: resolved (fixed in 0.10.0-1)
sid: resolved (fixed in 0.10.0-1)
trixie: resolved (fixed in 0.10.0-1)
Red Hat
virglrenderer: out-of-bounds write in read_transfer_data()
vendor_redhat·2021-12-14·CVSS 7.8
CVE-2022-0135 [HIGH] CWE-787 virglrenderer: out-of-bounds write in read_transfer_data()
An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution.
Statement: This flaw does not affect Red Hat Enterprise Linux as `virglrenderer` is not shipped in RHEL. Support for VirGL was enabled as a Technology Preview in Red Hat Enterprise Linux
GHSA
GHSA-675w-gw5p-29g9: An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer)
ghsa_unreviewed·2022-08-26
CVE-2022-0135 [HIGH] CWE-787 GHSA-675w-gw5p-29g9: An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer)
An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution.
OSV
CVE-2022-0135: An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer)
osv·2022-08-25·CVSS 7.8
CVE-2022-0135 [HIGH] CVE-2022-0135: An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer)
An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution.
OSV
virglrenderer vulnerabilities
osv·2022-02-28·CVSS 7.8
CVE-2022-0135 [HIGH] virglrenderer vulnerabilities
It was discovered that virglrenderer incorrectly handled memory. An
attacker inside a guest could use this issue to cause virglrenderer to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2022-0135)
It was discovered that virglrenderer incorrectly initialized memory. An
attacker inside a guest could possibly use this issue to obtain sensitive
host information. (CVE-2022-0175)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugzilla.redhat.com/show_bug.cgi?id=2037790
https://lists.debian.org/debian-lts-announce/2022/12/msg00017.html
https://security.gentoo.org/glsa/202210-05
Published: 2022-08-25