{"id":"CVE-2022-0175","details":"A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.","modified":"2026-04-16T04:39:38.605871563Z","published":"2022-08-26T18:15:08.660Z","related":["SUSE-SU-2022:0110-1","SUSE-SU-2022:0111-1","openSUSE-SU-2022:0111-1","openSUSE-SU-2024:11770-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2022-0175"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202210-05"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039003"},{"type":"FIX","url":"https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c"},{"type":"FIX","url":"https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654"},{"type":"FIX","url":"https://security-tracker.debian.org/tracker/CVE-2022-0175"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.freedesktop.org/virgl/virglrenderer","events":[{"introduced":"0"},{"last_affected":"2cd0803574117cfbf71feb4f6d28f712d8184a8e"},{"introduced":"0"},{"last_affected":"363915595e05fb252e70d6514be2f0c0b5ca312b"},{"fixed":"b05bb61f454eeb8a85164c8a31510aeb9d79129c"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.9.0"},{"introduced":"0"},{"last_affected":"0.9.1"}]}}],"versions":["0.8.2","0.9.0","0.9.1","virglrenderer-0.2.0","virglrenderer-0.4.0","virglrenderer-0.5.0","virglrenderer-0.6.0","virglrenderer-0.7.0","virglrenderer-0.8.0","virglrenderer-0.8.1","virglrenderer-0.8.2","virglrenderer-0.9.0","virglrenderer-0.9.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0175.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}],"vanir_signatures_modified":"2026-04-11T23:37:22Z","vanir_signatures":[{"source":"https://gitlab.freedesktop.org/virgl/virglrenderer@b05bb61f454eeb8a85164c8a31510aeb9d79129c","deprecated":false,"signature_version":"v1","target":{"file":"tests/test_virgl_transfer.c","function":"virgl_init_suite"},"signature_type":"Function","digest":{"length":2722,"function_hash":"256077146312398307471656162861090729801"},"id":"CVE-2022-0175-18f1c017"},{"id":"CVE-2022-0175-292c6ef2","signature_version":"v1","deprecated":false,"target":{"file":"tests/test_virgl_transfer.c"},"source":"https://gitlab.freedesktop.org/virgl/virglrenderer@b05bb61f454eeb8a85164c8a31510aeb9d79129c","digest":{"threshold":0.9,"line_hashes":["96994566600589557309500908919060242648","277401736489299688690648715224349534235","298448684836469699733780436333872573349","35589618375021518938544604778652425168","95612179803856558666978191200428401238","314290784626386590002303889065489234740","152890258249067159615900496431663124396"]},"signature_type":"Line"},{"source":"https://gitlab.freedesktop.org/virgl/virglrenderer@b05bb61f454eeb8a85164c8a31510aeb9d79129c","signature_version":"v1","deprecated":false,"target":{"file":"src/vrend_renderer.c","function":"vrend_resource_alloc_buffer"},"signature_type":"Function","digest":{"length":1696,"function_hash":"206136490597754712570222257618109303063"},"id":"CVE-2022-0175-5d1437e9"},{"id":"CVE-2022-0175-dcc988f7","signature_version":"v1","deprecated":false,"target":{"file":"src/vrend_renderer.c"},"source":"https://gitlab.freedesktop.org/virgl/virglrenderer@b05bb61f454eeb8a85164c8a31510aeb9d79129c","digest":{"threshold":0.9,"line_hashes":["74457806406748915352932023931697253405","33931677254939213498023179985908133204","44080038900611517499805128567371414839","63185170069030426663596365225759103433"]},"signature_type":"Line"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}