CVE-2022-0135

An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution.

Database specific

{
    "cwe_ids": [
        "CWE-787"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/0xxx/CVE-2022-0135.json",
    "cna_assigner": "redhat",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "virglrenderer 0.8.1 and after"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ]
}

References

Affected packages

Git / gitlab.freedesktop.org/virgl/virglrenderer

Affected ranges

Type

GIT

Repo

https://gitlab.freedesktop.org/virgl/virglrenderer

Events

Introduced

66c57963aaf09a1c41056bd2a001da1d51957a14

Fixed

f70a6640cac059c29bf3a6f6851ff67d809543ef

Database specific

{
    "cpe": "cpe:2.3:a:virglrenderer_project:virglrenderer:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0.8.1"
        },
        {
            "fixed": "0.10.0"
        }
    ],
    "source": "CPE_FIELD"
}

Affected versions

0.*

0.8.2

0.9.0

virglrenderer-0.*

virglrenderer-0.8.1

virglrenderer-0.8.2

virglrenderer-0.9.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0135.json"