CVE-2022-0175 — Vulnetix

CVE-2022-0175 PUBLISHED CVSS 5.5 MEDIUM

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.

EPSS 0.12% · 30.5th percentile

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.12%

30.5th percentile

Affected Products

Vendor	Product	Versions
n/a	virglrenderer	Affects v0.9.0 and later.
virglrenderer_project	virglrenderer	0.9.0, 0.9.1
redhat	enterprise_linux	8.0

Timeline

Jan 18, 2022 CVE Published
Aug 27, 2022 EPSS Score
Oct 12, 2022 EPSS Score
Nov 26, 2022 EPSS Score
Jan 11, 2023 EPSS Score
Feb 25, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 12, 2023 EPSS Score
May 27, 2023 EPSS Score
Jul 12, 2023 EPSS Score
Aug 26, 2023 EPSS Score
Oct 11, 2023 EPSS Score

References

https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654 url
https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c url
https://bugzilla.redhat.com/show_bug.cgi?id=2039003 url
https://security-tracker.debian.org/tracker/CVE-2022-0175 url
https://access.redhat.com/security/cve/CVE-2022-0175 url
GLSA-202210-05 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2022-0175 advisory

Open in Interactive Console →