Integer overflow in the vrendcreateshader function in vrendrenderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (process crash) via crafted pktlength and offlen values, which trigger an out-of-bounds access.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "0.6.0-2", "binary_name": "libvirglrenderer-dev" }, { "binary_version": "0.6.0-2", "binary_name": "libvirglrenderer0" }, { "binary_version": "0.6.0-2", "binary_name": "libvirglrenderer0-dbgsym" } ] }