Launchpad CVE tracker

CVE 2022-0175

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.

Related bugs and status

CVE-2022-0175 (Candidate) is related to these bugs:

Bug #1950784: information leak from host to guest in the virglrenderer

		In	Importance	Status
1950784	information leak from host to guest in the virglrenderer	virglrenderer (Ubuntu)	Undecided	Fix Released
1950784	information leak from host to guest in the virglrenderer	virglrenderer (Ubuntu Focal)	Undecided	Fix Released
1950784	information leak from host to guest in the virglrenderer	virglrenderer (Ubuntu Impish)	Undecided	Fix Released
1950784	information leak from host to guest in the virglrenderer	virglrenderer (Ubuntu Bionic)	Undecided	Triaged

Bug #1950940: Integer underflow in the vrend_decode_set_shader_images() on virglrenderer

Summary				In	Importance	Status
	1950940	Integer underflow in the vrend_decode_set_shader_images() on virglrenderer		virglrenderer (Ubuntu)	Undecided	New

Bug #1993453: Merge virglrenderer from Debian unstable for lunar

Summary				In	Importance	Status
	1993453	Merge virglrenderer from Debian unstable for lunar		virglrenderer (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2022-0175

References