Summary: | <media-libs/virglrenderer-0.10.1: code execution via malicious guest | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | major | CC: | tamiko, virtualization |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=2037790 | | |
Whiteboard: | B1 [glsa+] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 876214 | | |
Bug Blocks: | | | |
Description
John Helmert III
2022-08-26 18:44:03 UTC
CVE-2022-0175: A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.

Unreleased patch: https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c

RedHat bug: https://bugzilla.redhat.com/show_bug.cgi?id=2039003

Sorry, both fixes in 0.10.0 and beyond

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f957cf49020a73e35603b61f76fa2bfc55ab6862

commit f957cf49020a73e35603b61f76fa2bfc55ab6862
Author: John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-10-09 03:22:41 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-09 03:24:43 +0000

media-libs/virglrenderer: drop 0.8.2

Bug: https://bugs.gentoo.org/866821
Signed-off-by: John Helmert III <ajak@gentoo.org>

media-libs/virglrenderer/Manifest | 1 -
.../virglrenderer/virglrenderer-0.8.2.ebuild | 46 ----------------------
2 files changed, 47 deletions(-)

GLSA request filed

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=6716ac8ba9951aebe155f31ca4c5eb9e3ed0f660

commit 6716ac8ba9951aebe155f31ca4c5eb9e3ed0f660
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-16 14:41:23 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-16 14:45:23 +0000

[ GLSA 202210-05 ] virglrenderer: Multiple vulnerabilities

Bug: https://bugs.gentoo.org/866821
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: John Helmert III <ajak@gentoo.org>

glsa-202210-05.xml | 43 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)

GLSA released, all done!