CVE-2022-0175: A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory…

CVE-2022-0175 [MEDIUM] CWE-909 A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host possibly leading to information disclosure. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX i

CVE-2018-0175 [HIGH] CWE-119 Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability Vulnerability: Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability Affected: Cisco IOS, XR, and XE Software Format string vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Required Action: Apply updates per vendor instructions. Notes: https://nvd.nist.gov/vuln/detail/CVE-2018-0175 Remediation Due Date: 2022-03-17

CVE-2022-0175 [HIGH] virglrenderer vulnerabilities Title: virglrenderer vulnerabilities Summary: Several security issues were fixed in virglrenderer. It was discovered that virglrenderer incorrectly handled memory. An attacker inside a guest could use this issue to cause virglrenderer to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-0135) It was discovered that virglrenderer incorrectly initialized memory. An attacker inside a guest could possibly use this issue to obtain sensitive host information. (CVE-2022-0175) Instructions: After a standard system update you need to restart all virtual machines to make all the necessary changes.

CVE-2022-0175 [MEDIUM] CVE-2022-0175: virglrenderer - A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl... A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2022-0175 [MEDIUM] CWE-909 virglrenderer: memory initialization issue in vrend_resource_alloc_buffer() can lead to info leak virglrenderer: memory initialization issue in vrend_resource_alloc_buffer() can lead to info leak A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure. A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure. Statement: This flaw does not affect Red Hat Ente

CVE-2022-0175 [MEDIUM] CWE-909 GHSA-28q3-mx7c-4cc3: A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer) A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.

CVE-2022-0135 [HIGH] virglrenderer vulnerabilities virglrenderer vulnerabilities It was discovered that virglrenderer incorrectly handled memory. An attacker inside a guest could use this issue to cause virglrenderer to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-0135) It was discovered that virglrenderer incorrectly initialized memory. An attacker inside a guest could possibly use this issue to obtain sensitive host information. (CVE-2022-0175)

CVE-2022-0175 [MEDIUM] CVE-2022-0175: A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer) A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.