CVE-2019-18389

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-18389
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-18389.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-18389
Downstream
Related
Published
2019-12-23T16:15:11Z
Modified
2025-09-19T10:50:03.248761Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A heap-based buffer overflow in the vrendrenderertransferwriteiov function in vrendrenderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGLCCMDRESOURCEINLINE_WRITE commands.

References

Affected packages

Alpine:v3.11 / virglrenderer

Package

Name
virglrenderer
Purl
pkg:apk/alpine/virglrenderer?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.1-r0

Affected versions

0.*

0.6.0-r1
0.7.0-r0
0.7.0-r1
0.8.0-r1

Git / gitlab.freedesktop.org/virgl/virglrenderer

Affected ranges

Type
GIT
Repo
https://gitlab.freedesktop.org/virgl/virglrenderer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
cbc8d8b75be360236cada63784046688aeb6d921

Affected versions

virglrenderer-0.*

virglrenderer-0.2.0
virglrenderer-0.4.0
virglrenderer-0.5.0
virglrenderer-0.6.0
virglrenderer-0.7.0
virglrenderer-0.8.0

Database specific 

{
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Line",
            "source": "https://gitlab.freedesktop.org/virgl/virglrenderer@cbc8d8b75be360236cada63784046688aeb6d921",
            "signature_version": "v1",
            "target": {
                "file": "src/virgl_hw.h"
            },
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "212982511386522358746273595671342497611",
                    "176747774204209346806457768416224481165",
                    "169961600532525220405558589553595170244"
                ]
            },
            "id": "CVE-2019-18389-12f47810"
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "source": "https://gitlab.freedesktop.org/virgl/virglrenderer@cbc8d8b75be360236cada63784046688aeb6d921",
            "signature_version": "v1",
            "target": {
                "file": "src/vrend_renderer.c"
            },
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "150023804409513975484122868535164136886",
                    "189283878556883249191112801145573941720",
                    "2708861587290119798094756257004263193",
                    "273175914684112087963643696582796120737",
                    "323302747453226056343584605309866162966",
                    "19447575492423849005765873006358988003",
                    "181403213380005488052820626626725544696",
                    "182022676534866431682732151249749610299",
                    "263897265348195184485703119549565851941",
                    "40029899954140331364357814857549437191",
                    "65797140655162890820635426628676327462",
                    "41198977083158660322491202228300537822",
                    "7824466507393594217165901777151291835",
                    "210342644148727675093932111662672900398",
                    "87142903983319738237289855629501246278",
                    "181290981331351594553469463719138539450",
                    "260826916990242396476795429736978634242",
                    "188947903820730673702306011043215310128",
                    "271460832934047377462164318394240116979",
                    "45733689806069258237816196943054068304",
                    "322040750450432822753016762875383628083",
                    "101946048269740007793673467700116581699",
                    "160342889137666347841325691495378316651"
                ]
            },
            "id": "CVE-2019-18389-203ebfe0"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://gitlab.freedesktop.org/virgl/virglrenderer@cbc8d8b75be360236cada63784046688aeb6d921",
            "signature_version": "v1",
            "target": {
                "file": "src/vrend_renderer.c",
                "function": "vrend_renderer_transfer_iov"
            },
            "digest": {
                "function_hash": "74716657909445027734381147258483684542",
                "length": 1233.0
            },
            "id": "CVE-2019-18389-d1eccb1c"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://gitlab.freedesktop.org/virgl/virglrenderer@cbc8d8b75be360236cada63784046688aeb6d921",
            "signature_version": "v1",
            "target": {
                "file": "src/vrend_renderer.c",
                "function": "check_transfer_bounds"
            },
            "digest": {
                "function_hash": "284910439952181846112313075504416121027",
                "length": 1249.0
            },
            "id": "CVE-2019-18389-e12fc0e5"
        }
    ]
}