A heap-based buffer overflow in the vrendrenderertransferwriteiov function in vrendrenderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGLCCMDRESOURCEINLINE_WRITE commands.
[
{
"signature_type": "Line",
"id": "CVE-2019-18391-63b8d975",
"source": "https://gitlab.freedesktop.org/virgl/virglrenderer@2abeb1802e3c005b17a7123e382171b3fb665971",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/vrend_renderer.c"
},
"digest": {
"line_hashes": [
"141347552855496777097344773898259692485",
"82080927564456806118201595730806083281",
"131488419841163818612352952790316771532",
"179374455104432204473931856842977731797",
"246807098594516868691158148183117145951",
"222831613115720448266449545946457512616",
"74242174258136130087693362986902961587",
"3502818426200585911477805202201942903",
"142564961026162174146415219564087598519",
"173939812261767419209301331848291745552",
"290125616691850514668800301380185149003",
"171665016758568753867956158656064040453"
],
"threshold": 0.9
}
},
{
"signature_type": "Function",
"id": "CVE-2019-18391-74eaed2f",
"source": "https://gitlab.freedesktop.org/virgl/virglrenderer@2abeb1802e3c005b17a7123e382171b3fb665971",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "vrend_renderer_transfer_write_iov",
"file": "src/vrend_renderer.c"
},
"digest": {
"function_hash": "118250254458798477934576909953554061388",
"length": 7210.0
}
}
]