[Debian] High CVE: CVE-2022-0135: virglrenderer a denial of service or possible code execution

Bug #2021541 reported by Yue Tao
Affects: StarlingX
Status: Fix Released
Importance: High
Assigned to: hqbai
Milestone: (none listed)

Bug Description

CVE-2022-0135: https://nvd.nist.gov/vuln/detail/CVE-2022-0135

An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution.

Base Score: High

References:

https://security-tracker.debian.org/tracker/CVE-2022-0135

['libvirglrenderer-dev_0.8.2-5_amd64.deb===>libvirglrenderer-dev_0.8.2-5+deb11u1_amd64.deb', 'libvirglrenderer1_0.8.2-5_amd64.deb===>libvirglrenderer1_0.8.2-5+deb11u1_amd64.deb']


Yue Tao (wrytao)
Changed in starlingx:
importance: Undecided → High
status: New → Incomplete
status: Incomplete → Triaged
hqbai (hbai)
Changed in starlingx:
assignee: nobody → hqbai (hbai)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/886238

Changed in starlingx:
status: Triaged → In Progress
Ghada Khalil (gkhalil) wrote :

Merged on Jun 24, but the LP status was not automatically updated.

tags: added: stx.9.0 stx.security
Changed in starlingx:
status: In Progress → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
