CVE-2019-18390

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-18390

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-18390.json

Related

DLA-3232-1

Published

2019-12-23T16:15:11Z

Modified

2024-05-14T06:59:28.033698Z

Summary

[none]

Details

An out-of-bounds read in the vrendblitneedswizzle function in vrendrenderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGLCCMDBLIT commands.

References

https://lists.debian.org/debian-lts-announce/2022/12/msg00017.html
https://bugzilla.redhat.com/show_bug.cgi?id=1765584
https://gitlab.freedesktop.org/virgl/virglrenderer/commit/24f67de7a9088a873844a39be03cee6882260ac9
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html
https://access.redhat.com/security/cve/cve-2019-18390
https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#3cd772559e0d73afa136d6818023cfd0c4c8ecc0_0_151

Affected packages

Alpine:v3.11 / virglrenderer

Package

Name: virglrenderer

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0.8.1-r0

Affected versions

0.*

0.6.0-r1

0.7.0-r0

0.7.0-r1

0.8.0-r1