
Debian 10: Critical Security Advisory DLA-3232-1 for Virglrenderer DoS

Debian LTS
December 7, 2022
The DLA-3232-1 security advisory for Debian LTS fixes several vulnerabilities in virglrenderer, which provides OpenGL rendering for virtualization. Affected systems should be updated.

Several security vulnerabilities were discovered in virglrenderer, a virtual GPU for KVM virtualization.

Summary

CVE-2019-18388

A NULL pointer dereference in vrend_renderer.c in virglrenderer through
0.8.0 allows guest OS users to cause a denial of service via malformed
commands.

CVE-2019-18389

A heap-based buffer overflow in the vrend_renderer_transfer_write_iov
function in vrend_renderer.c in virglrenderer through 0.8.0 allows
guest OS users to cause a denial of service, or QEMU guest-to-host
escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE
commands.

CVE-2019-18390

An out-of-bounds read in the vrend_blit_need_swizzle function in
vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS
users to cause a denial of service via VIRGL_CCMD_BLIT commands.

CVE-2019-18391

A heap-based buffer overflow in the vrend_renderer_transfer_write_iov
function in vrend_renderer.c in virglrenderer through 0.8.0 allows
guest OS users to cause a denial of service via
VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.

CVE-2020-8002

Read the Full Advisory


Severity: critical

Package: virglrenderer
Version: 0.7.0-2+deb10u1
CVE ID: CVE-2019-18388 CVE-2019-18389 CVE-2019-18390 CVE-2019-18391
Debian Bug: 946942 949954 1009073
