CVE-2019-18388

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-18388
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-18388.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-18388
Downstream
Related
Published
2019-12-23T16:15:11Z
Modified
2025-09-19T10:50:05.435848Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands.

References

Affected packages

Alpine:v3.11 / virglrenderer

Package

Name
virglrenderer
Purl
pkg:apk/alpine/virglrenderer?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.1-r0

Affected versions

0.*

0.6.0-r1
0.7.0-r0
0.7.0-r1
0.8.0-r1

Git / gitlab.freedesktop.org/virgl/virglrenderer

Affected ranges

Type
GIT
Repo
https://gitlab.freedesktop.org/virgl/virglrenderer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
0d9a2c88dc3a70023541b3260b9f00c982abda16

Affected versions

virglrenderer-0.*

virglrenderer-0.2.0
virglrenderer-0.4.0
virglrenderer-0.5.0
virglrenderer-0.6.0
virglrenderer-0.7.0
virglrenderer-0.8.0

Database specific 

{
    "vanir_signatures": [
        {
            "id": "CVE-2019-18388-699cf408",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "230246388284075920837384513401273778520",
                    "247770854284103560370964757660495662146",
                    "283298607776472863989037290026065040225",
                    "10980190749752915742904610299990923267",
                    "97589846449172533768284432859619510842",
                    "259144242973277367783008203364710185230",
                    "113162233880068866324504992580511338066",
                    "292441209584602110749591741382126650725",
                    "195154758548467805256975668421040239481",
                    "197999904296240402179912790660035153229",
                    "45175898030765049316641836147015575380",
                    "11912384764406472244679457261798132362",
                    "193991974060012037851986127852727068367",
                    "317906797538190929006760231226521666755",
                    "87929707494462492199221712289058123186",
                    "225390076115856788429605334412257056887",
                    "11867826398410157442905145874320695957",
                    "62336908799203034448989683326123607637",
                    "75286404666381965941812493418453554629",
                    "315211065258654970910795224706652157703",
                    "267831418382395146011890689487700649259",
                    "303992299423413057243945230921625730236",
                    "124301321920529090545095037987216941160",
                    "163656614376991394210757963670121391537",
                    "229521369241415733215995487912263510529",
                    "168280334930322267386994871193065489110",
                    "26645022375984359981965441878774507919",
                    "235672997240847247767668974237042770373",
                    "274369461503223323845070479388222163445",
                    "167789298990508620865295273071654624061",
                    "18056553497089460993405337199313458988",
                    "300071505119450415034493472560544891372",
                    "334589410547553450498420525248947597730",
                    "108578394884738445282113131388640626793"
                ]
            },
            "signature_type": "Line",
            "deprecated": false,
            "target": {
                "file": "src/vrend_renderer.c"
            },
            "signature_version": "v1",
            "source": "https://gitlab.freedesktop.org/virgl/virglrenderer@0d9a2c88dc3a70023541b3260b9f00c982abda16"
        },
        {
            "id": "CVE-2019-18388-780b980a",
            "digest": {
                "length": 2809.0,
                "function_hash": "255772126217840145050921472267697604337"
            },
            "signature_type": "Function",
            "deprecated": false,
            "target": {
                "file": "src/vrend_renderer.c",
                "function": "check_resource_valid"
            },
            "signature_version": "v1",
            "source": "https://gitlab.freedesktop.org/virgl/virglrenderer@0d9a2c88dc3a70023541b3260b9f00c982abda16"
        },
        {
            "id": "CVE-2019-18388-90221db0",
            "digest": {
                "length": 2350.0,
                "function_hash": "46893389575006868641327675295250580971"
            },
            "signature_type": "Function",
            "deprecated": false,
            "target": {
                "file": "src/vrend_renderer.c",
                "function": "vrend_renderer_resource_create"
            },
            "signature_version": "v1",
            "source": "https://gitlab.freedesktop.org/virgl/virglrenderer@0d9a2c88dc3a70023541b3260b9f00c982abda16"
        }
    ]
}