CVE-2022-0135 — Vulnetix

CVE-2022-0135 PUBLISHED CVSS 7.800000190734863 HIGH

An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution.

EPSS 0.13% · 31.9th percentile

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.13%

31.9th percentile

Affected Products

Vendor	Product	Versions
debian	debian_linux	10.0
virglrenderer_project	virglrenderer	0.8.1
n/a	virglrenderer	*
redhat	enterprise_linux	8.0

Timeline

Feb 17, 2022 CVE Published
Aug 26, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 11, 2022 EPSS Score
Nov 25, 2022 EPSS Score
Jan 10, 2023 EPSS Score
Feb 24, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 11, 2023 EPSS Score
Jul 11, 2023 EPSS Score
Aug 25, 2023 EPSS Score
Oct 10, 2023 EPSS Score

References

https://bugzilla.redhat.com/show_bug.cgi?id=2037790 url
GLSA-202210-05 vendor-advisory
[debian-lts-announce] 20221207 [SECURITY] [DLA 3232-1] virglrenderer security update mailing-list
https://nvd.nist.gov/vuln/detail/CVE-2022-0135 advisory

Open in Interactive Console →