CVE-2025-2509

CWE-125Out-of-bounds ReadCWE-4156 documents6 sources
Severity
7.8HIGH
EPSS
0.0%
top 92.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google ChromeosGoogle Chrome OS
Timeline
PublishedMay 6
Latest updateMay 19

Description

Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5google/chromeos16093.57.016093.57.0
NVDgoogle/chrome_os16093.57.0

🔴Vulnerability Details

3
OSV
CVE-2025-2509: (Out-of-Bounds Read in Virglrenderer in ChromeOS 160932025-05-19
GHSA
GHSA-vv54-m573-67vp: Out-of-Bounds Read in Virglrenderer in ChromeOS 160932025-05-06
CVEList
CVE-2025-2509: Out-of-Bounds Read in Virglrenderer in ChromeOS 160932025-05-06

📋Vendor Advisories

2
Debian
CVE-2025-2509: virglrenderer - Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious g...2025
Microsoft
A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.2022-08-09
CVE-2025-2509 (HIGH CVSS 7.8) | Out-of-Bounds Read in Virglrenderer | cvebase.io