Advisories ยป MGASA-2022-0401

Updated virglrenderer packages fix security vulnerability

Publication date: 01 Nov 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-0135 , CVE-2022-0175


An out-of-bounds write issue was found in the VirGL virtual OpenGL
renderer (virglrenderer). This flaw allows a malicious guest to create a
specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER
ioctl, leading to a denial of service or possible code execution.

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The
virgl did not properly initialize memory when allocating a host-backed
memory resource. A malicious guest could use this flaw to mmap from the
guest kernel and read this uninitialized memory from the host, possibly
leading to information disclosure. (CVE-2022-0175)