CVE-2022-0175
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/08/2022
Last modified:
08/11/2022
Description
A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:virglrenderer_project:virglrenderer:0.9.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:virglrenderer_project:virglrenderer:0.9.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://access.redhat.com/security/cve/CVE-2022-0175
- https://bugzilla.redhat.com/show_bug.cgi?id=2039003
- https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c
- https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654
- https://security-tracker.debian.org/tracker/CVE-2022-0175
- https://security.gentoo.org/glsa/202210-05