ByteOS Network

▼CVE Numbering Authority (CNA)

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.

Affected Products

Vendor

n/a

Product

virglrenderer

Versions

Affected

Affects v0.9.0 and later.

Problem Types

Type	CWE ID	Description
CWE	CWE-909	CWE-909 - Missing Initialization of Resource

Type: CWE

CWE ID: CWE-909

Description: CWE-909 - Missing Initialization of Resource

References

Hyperlink	Resource
https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654	N/A
https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=2039003	N/A
https://security-tracker.debian.org/tracker/CVE-2022-0175	N/A
https://access.redhat.com/security/cve/CVE-2022-0175	N/A
https://security.gentoo.org/glsa/202210-05	vendor-advisory

Hyperlink: https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654

Resource: N/A

Hyperlink: https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c

Resource: N/A

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2039003

Resource: N/A

Hyperlink: https://security-tracker.debian.org/tracker/CVE-2022-0175

Resource: N/A

Hyperlink: https://access.redhat.com/security/cve/CVE-2022-0175

Resource: N/A

Hyperlink: https://security.gentoo.org/glsa/202210-05

Resource:

vendor-advisory

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Hyperlink	Resource
https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654	x_transferred
https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c	x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=2039003	x_transferred
https://security-tracker.debian.org/tracker/CVE-2022-0175	x_transferred
https://access.redhat.com/security/cve/CVE-2022-0175	x_transferred
https://security.gentoo.org/glsa/202210-05	vendor-advisory x_transferred