{"id":"CVE-2019-18388","details":"A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands.","modified":"2026-04-11T09:39:40.172228Z","published":"2019-12-23T16:15:11.087Z","related":["SUSE-SU-2020:0016-1","SUSE-SU-2020:0017-1","openSUSE-SU-2020:0058-1","openSUSE-SU-2024:11499-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/cve-2019-18388"},{"type":"ADVISORY","url":"https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#diff-content-3cd772559e0d73afa136d6818023cfd0c4c8ecc0"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00017.html"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765578"},{"type":"FIX","url":"https://gitlab.freedesktop.org/virgl/virglrenderer/commit/0d9a2c88dc3a70023541b3260b9f00c982abda16"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.freedesktop.org/virgl/virglrenderer","events":[{"introduced":"0"},{"last_affected":"48cc96c9aebb9d0164830a157efc8916f08f00c0"},{"fixed":"0d9a2c88dc3a70023541b3260b9f00c982abda16"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.8.0"}]}}],"versions":["virglrenderer-0.2.0","virglrenderer-0.4.0","virglrenderer-0.5.0","virglrenderer-0.6.0","virglrenderer-0.7.0","virglrenderer-0.8.0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"15.1"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-18388.json","vanir_signatures":[{"source":"https://gitlab.freedesktop.org/virgl/virglrenderer@0d9a2c88dc3a70023541b3260b9f00c982abda16","signature_version":"v1","signature_type":"Line","target":{"file":"src/vrend_renderer.c"},"digest":{"threshold":0.9,"line_hashes":["230246388284075920837384513401273778520","247770854284103560370964757660495662146","283298607776472863989037290026065040225","10980190749752915742904610299990923267","97589846449172533768284432859619510842","259144242973277367783008203364710185230","113162233880068866324504992580511338066","292441209584602110749591741382126650725","195154758548467805256975668421040239481","197999904296240402179912790660035153229","45175898030765049316641836147015575380","11912384764406472244679457261798132362","193991974060012037851986127852727068367","317906797538190929006760231226521666755","87929707494462492199221712289058123186","225390076115856788429605334412257056887","11867826398410157442905145874320695957","62336908799203034448989683326123607637","75286404666381965941812493418453554629","315211065258654970910795224706652157703","267831418382395146011890689487700649259","303992299423413057243945230921625730236","124301321920529090545095037987216941160","163656614376991394210757963670121391537","229521369241415733215995487912263510529","168280334930322267386994871193065489110","26645022375984359981965441878774507919","235672997240847247767668974237042770373","274369461503223323845070479388222163445","167789298990508620865295273071654624061","18056553497089460993405337199313458988","300071505119450415034493472560544891372","334589410547553450498420525248947597730","108578394884738445282113131388640626793"]},"id":"CVE-2019-18388-699cf408","deprecated":false},{"source":"https://gitlab.freedesktop.org/virgl/virglrenderer@0d9a2c88dc3a70023541b3260b9f00c982abda16","signature_version":"v1","signature_type":"Function","target":{"file":"src/vrend_renderer.c","function":"check_resource_valid"},"digest":{"length":2809,"function_hash":"255772126217840145050921472267697604337"},"id":"CVE-2019-18388-780b980a","deprecated":false},{"source":"https://gitlab.freedesktop.org/virgl/virglrenderer@0d9a2c88dc3a70023541b3260b9f00c982abda16","signature_version":"v1","signature_type":"Function","target":{"file":"src/vrend_renderer.c","function":"vrend_renderer_resource_create"},"digest":{"length":2350,"function_hash":"46893389575006868641327675295250580971"},"id":"CVE-2019-18388-90221db0","deprecated":false}],"vanir_signatures_modified":"2026-04-11T09:39:40Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}