A heap-based buffer overflow in the vrendrenderertransferwriteiov function in vrendrenderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGLCCMDRESOURCEINLINE_WRITE commands.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "141347552855496777097344773898259692485", "82080927564456806118201595730806083281", "131488419841163818612352952790316771532", "179374455104432204473931856842977731797", "246807098594516868691158148183117145951", "222831613115720448266449545946457512616", "74242174258136130087693362986902961587", "3502818426200585911477805202201942903", "142564961026162174146415219564087598519", "173939812261767419209301331848291745552", "290125616691850514668800301380185149003", "171665016758568753867956158656064040453" ] }, "id": "CVE-2019-18391-63b8d975", "source": "https://gitlab.freedesktop.org/virgl/virglrenderer@2abeb1802e3c005b17a7123e382171b3fb665971", "signature_version": "v1", "signature_type": "Line", "target": { "file": "src/vrend_renderer.c" }, "deprecated": false }, { "digest": { "function_hash": "118250254458798477934576909953554061388", "length": 7210.0 }, "id": "CVE-2019-18391-74eaed2f", "source": "https://gitlab.freedesktop.org/virgl/virglrenderer@2abeb1802e3c005b17a7123e382171b3fb665971", "signature_version": "v1", "signature_type": "Function", "target": { "file": "src/vrend_renderer.c", "function": "vrend_renderer_transfer_write_iov" }, "deprecated": false } ] }