CVE-2019-18389

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-18389
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-18389.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-18389
Downstream
Related
Published
2019-12-23T16:15:11Z
Modified
2025-10-21T04:55:35.384634Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A heap-based buffer overflow in the vrendrenderertransferwriteiov function in vrendrenderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGLCCMDRESOURCEINLINE_WRITE commands.

References

Affected packages

Git / gitlab.freedesktop.org/virgl/virglrenderer

Affected ranges

Type
GIT
Repo
https://gitlab.freedesktop.org/virgl/virglrenderer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
cbc8d8b75be360236cada63784046688aeb6d921

Affected versions

virglrenderer-0.*

virglrenderer-0.2.0
virglrenderer-0.4.0
virglrenderer-0.5.0
virglrenderer-0.6.0
virglrenderer-0.7.0
virglrenderer-0.8.0

Database specific

vanir_signatures

[
    {
        "source": "https://gitlab.freedesktop.org/virgl/virglrenderer@cbc8d8b75be360236cada63784046688aeb6d921",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "src/virgl_hw.h"
        },
        "id": "CVE-2019-18389-12f47810",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "212982511386522358746273595671342497611",
                "176747774204209346806457768416224481165",
                "169961600532525220405558589553595170244"
            ]
        },
        "signature_type": "Line"
    },
    {
        "source": "https://gitlab.freedesktop.org/virgl/virglrenderer@cbc8d8b75be360236cada63784046688aeb6d921",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "src/vrend_renderer.c"
        },
        "id": "CVE-2019-18389-203ebfe0",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "150023804409513975484122868535164136886",
                "189283878556883249191112801145573941720",
                "2708861587290119798094756257004263193",
                "273175914684112087963643696582796120737",
                "323302747453226056343584605309866162966",
                "19447575492423849005765873006358988003",
                "181403213380005488052820626626725544696",
                "182022676534866431682732151249749610299",
                "263897265348195184485703119549565851941",
                "40029899954140331364357814857549437191",
                "65797140655162890820635426628676327462",
                "41198977083158660322491202228300537822",
                "7824466507393594217165901777151291835",
                "210342644148727675093932111662672900398",
                "87142903983319738237289855629501246278",
                "181290981331351594553469463719138539450",
                "260826916990242396476795429736978634242",
                "188947903820730673702306011043215310128",
                "271460832934047377462164318394240116979",
                "45733689806069258237816196943054068304",
                "322040750450432822753016762875383628083",
                "101946048269740007793673467700116581699",
                "160342889137666347841325691495378316651"
            ]
        },
        "signature_type": "Line"
    },
    {
        "source": "https://gitlab.freedesktop.org/virgl/virglrenderer@cbc8d8b75be360236cada63784046688aeb6d921",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "vrend_renderer_transfer_iov",
            "file": "src/vrend_renderer.c"
        },
        "id": "CVE-2019-18389-d1eccb1c",
        "digest": {
            "length": 1233.0,
            "function_hash": "74716657909445027734381147258483684542"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://gitlab.freedesktop.org/virgl/virglrenderer@cbc8d8b75be360236cada63784046688aeb6d921",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "check_transfer_bounds",
            "file": "src/vrend_renderer.c"
        },
        "id": "CVE-2019-18389-e12fc0e5",
        "digest": {
            "length": 1249.0,
            "function_hash": "284910439952181846112313075504416121027"
        },
        "signature_type": "Function"
    }
]