CVE-2022-0175
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-0175
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0175.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-0175
- Downstream
- Related
- Published
- 2022-08-26T18:15:08.660Z
- Modified
- 2025-11-20T11:57:31.010140Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.
- References
-
- https://access.redhat.com/security/cve/CVE-2022-0175
- https://bugzilla.redhat.com/show_bug.cgi?id=2039003
- https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c
- https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654
- https://security-tracker.debian.org/tracker/CVE-2022-0175
- https://security.gentoo.org/glsa/202210-05
Affected packages
Git / gitlab.freedesktop.org/virgl/virglrenderer
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.freedesktop.org/virgl/virglrenderer
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.8.2
0.9.0
virglrenderer-0.*
virglrenderer-0.2.0
virglrenderer-0.4.0
virglrenderer-0.5.0
virglrenderer-0.6.0
virglrenderer-0.7.0
virglrenderer-0.8.0
virglrenderer-0.8.1
virglrenderer-0.8.2
virglrenderer-0.9.0
Database specific
vanir_signatures
[
{
"target": {
"file": "tests/test_virgl_transfer.c",
"function": "virgl_init_suite"
},
"digest": {
"length": 2722.0,
"function_hash": "256077146312398307471656162861090729801"
},
"source": "https://gitlab.freedesktop.org/virgl/virglrenderer@b05bb61f454eeb8a85164c8a31510aeb9d79129c",
"signature_version": "v1",
"id": "CVE-2022-0175-18f1c017",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"file": "tests/test_virgl_transfer.c"
},
"digest": {
"line_hashes": [
"96994566600589557309500908919060242648",
"277401736489299688690648715224349534235",
"298448684836469699733780436333872573349",
"35589618375021518938544604778652425168",
"95612179803856558666978191200428401238",
"314290784626386590002303889065489234740",
"152890258249067159615900496431663124396"
],
"threshold": 0.9
},
"source": "https://gitlab.freedesktop.org/virgl/virglrenderer@b05bb61f454eeb8a85164c8a31510aeb9d79129c",
"signature_version": "v1",
"id": "CVE-2022-0175-292c6ef2",
"deprecated": false,
"signature_type": "Line"
},
{
"target": {
"file": "src/vrend_renderer.c",
"function": "vrend_resource_alloc_buffer"
},
"digest": {
"length": 1696.0,
"function_hash": "206136490597754712570222257618109303063"
},
"source": "https://gitlab.freedesktop.org/virgl/virglrenderer@b05bb61f454eeb8a85164c8a31510aeb9d79129c",
"signature_version": "v1",
"id": "CVE-2022-0175-5d1437e9",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"file": "src/vrend_renderer.c"
},
"digest": {
"line_hashes": [
"74457806406748915352932023931697253405",
"33931677254939213498023179985908133204",
"44080038900611517499805128567371414839",
"63185170069030426663596365225759103433"
],
"threshold": 0.9
},
"source": "https://gitlab.freedesktop.org/virgl/virglrenderer@b05bb61f454eeb8a85164c8a31510aeb9d79129c",
"signature_version": "v1",
"id": "CVE-2022-0175-dcc988f7",
"deprecated": false,
"signature_type": "Line"
}
]