{"id":"MGASA-2022-0401","summary":"Updated virglrenderer packages fix security vulnerability","details":"An out-of-bounds write issue was found in the VirGL virtual OpenGL\nrenderer (virglrenderer). This flaw allows a malicious guest to create a\nspecially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER\nioctl, leading to a denial of service or possible code execution.\n(CVE-2022-0135)\n\nA flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The\nvirgl did not properly initialize memory when allocating a host-backed\nmemory resource. A malicious guest could use this flaw to mmap from the\nguest kernel and read this uninitialized memory from the host, possibly\nleading to information disclosure. (CVE-2022-0175)\n","modified":"2026-02-04T02:59:52.855728Z","published":"2022-11-01T22:58:59Z","related":["CVE-2022-0135","CVE-2022-0175"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0401.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29903"},{"type":"REPORT","url":"https://lists.suse.com/pipermail/sle-security-updates/2022-January/010013.html"},{"type":"REPORT","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LNFLD35UGUIRPTGF3HA3JP2MXLLHWPIX/"},{"type":"REPORT","url":"https://lists.suse.com/pipermail/sle-security-updates/2022-February/010243.html"},{"type":"REPORT","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EQXVEUIFIMFD6G5N2JBQ2A6XUYVZBCSY/"},{"type":"REPORT","url":"https://ubuntu.com/security/notices/USN-5309-1"}],"affected":[{"package":{"name":"virglrenderer","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/virglrenderer?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.2-1.20200212git7d204f39.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0401.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}