An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.
{"ubuntucve": [{"lastseen": "2023-12-07T14:31:56", "description": "An out-of-bounds read in the vrend_blit_need_swizzle function in\nvrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to\ncause a denial of service via VIRGL_CCMD_BLIT commands.\n\n#### Bugs\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=1765584>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | Nothing in bionic actually uses this package, so we will not be releasing a fix for it. Marking as ignored.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-12-23T00:00:00", "type": "ubuntucve", "title": "CVE-2019-18390", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18390"], "modified": "2019-12-23T00:00:00", "id": "UB:CVE-2019-18390", "href": "https://ubuntu.com/security/CVE-2019-18390", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P"}}], "prion": [{"lastseen": "2023-11-22T02:07:30", "description": "An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-12-23T16:15:00", "type": "prion", "title": "Cross site scripting", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18390"], "modified": "2023-02-03T18:42:00", "id": "PRION:CVE-2019-18390", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2019-18390", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P"}}], "cve": [{"lastseen": "2023-12-06T14:59:05", "description": "An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-12-23T16:15:00", "type": "cve", "title": "CVE-2019-18390", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18390"], "modified": "2023-02-03T18:42:00", "cpe": ["cpe:/a:virglrenderer_project:virglrenderer:0.8.0", "cpe:/o:opensuse:leap:15.1", "cpe:/o:redhat:enterprise_linux:8.0", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2019-18390", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18390", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:a:virglrenderer_project:virglrenderer:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"]}], "veracode": [{"lastseen": "2023-04-18T12:53:40", "description": "virglrenderer is vulnerable to denial of service (DoS). The vulnerability exists as an out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-08-06T21:34:57", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18390"], "modified": "2023-02-03T19:34:58", "id": "VERACODE:26183", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-26183/summary", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P"}}], "redhatcve": [{"lastseen": "2023-12-08T06:33:37", "description": "An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-12-18T06:36:23", "type": "redhatcve", "title": "CVE-2019-18390", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18390"], "modified": "2023-04-06T06:14:03", "id": "RH:CVE-2019-18390", "href": "https://access.redhat.com/security/cve/cve-2019-18390", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P"}}], "osv": [{"lastseen": "2023-02-03T20:37:00", "description": "An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.", "cvss3": {}, "published": "2019-12-23T16:15:00", "type": "osv", "title": "CVE-2019-18390", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2019-18390"], "modified": "2023-02-03T20:36:56", "id": "OSV:CVE-2019-18390", "href": "https://osv.dev/vulnerability/CVE-2019-18390", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-28T06:25:41", "description": "\nSeveral security vulnerabilities were discovered in virglrenderer, a\nvirtual GPU for KVM virtualization.\n\n\n* [CVE-2019-18388](https://security-tracker.debian.org/tracker/CVE-2019-18388)\nA NULL pointer dereference in vrend\\_renderer.c in virglrenderer through\n 0.8.0 allows guest OS users to cause a denial of service via malformed\n commands.\n* [CVE-2019-18389](https://security-tracker.debian.org/tracker/CVE-2019-18389)\nA heap-based buffer overflow in the vrend\\_renderer\\_transfer\\_write\\_iov\n function in vrend\\_renderer.c in virglrenderer through 0.8.0 allows\n guest OS users to cause a denial of service, or QEMU guest-to-host\n escape and code execution, via VIRGL\\_CCMD\\_RESOURCE\\_INLINE\\_WRITE\n commands.\n* [CVE-2019-18390](https://security-tracker.debian.org/tracker/CVE-2019-18390)\nAn out-of-bounds read in the vrend\\_blit\\_need\\_swizzle function in\n vrend\\_renderer.c in virglrenderer through 0.8.0 allows guest OS\n users to cause a denial of service via VIRGL\\_CCMD\\_BLIT commands.\n* [CVE-2019-18391](https://security-tracker.debian.org/tracker/CVE-2019-18391)\nA heap-based buffer overflow in the vrend\\_renderer\\_transfer\\_write\\_iov\n function in vrend\\_renderer.c in virglrenderer through 0.8.0 allows\n guest OS users to cause a denial of service via\n VIRGL\\_CCMD\\_RESOURCE\\_INLINE\\_WRITE commands.\n* [CVE-2020-8002](https://security-tracker.debian.org/tracker/CVE-2020-8002)\nA NULL pointer dereference in vrend\\_renderer.c in virglrenderer through\n 0.8.1 allows attackers to cause a denial of service via commands that attempt\n to launch a grid without previously providing a Compute Shader (CS).\n* [CVE-2020-8003](https://security-tracker.debian.org/tracker/CVE-2020-8003)\nA double-free vulnerability in vrend\\_renderer.c in virglrenderer through\n 0.8.1 allows attackers to cause a denial of service by triggering texture\n allocation failure, because vrend\\_renderer\\_resource\\_allocated\\_texture is not an\n appropriate place for a free.\n* [CVE-2022-0135](https://security-tracker.debian.org/tracker/CVE-2022-0135)\nAn out-of-bounds write issue was found in the VirGL virtual OpenGL renderer\n (virglrenderer). This flaw allows a malicious guest to create a specially\n crafted virgil resource and then issue a VIRTGPU\\_EXECBUFFER ioctl, leading to a\n denial of service or possible code execution.\n\n\nFor Debian 10 buster, these problems have been fixed in version\n0.7.0-2+deb10u1.\n\n\nWe recommend that you upgrade your virglrenderer packages.\n\n\nFor the detailed security status of virglrenderer please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/virglrenderer>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-07T00:00:00", "type": "osv", "title": "virglrenderer - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18388", "CVE-2019-18389", "CVE-2019-18390", "CVE-2019-18391", "CVE-2020-8002", "CVE-2020-8003", "CVE-2022-0135"], "modified": "2023-06-28T06:25:39", "id": "OSV:DLA-3232-1", "href": "https://osv.dev/vulnerability/DLA-3232-1", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-12-06T18:28:09", "description": "An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-12-23T16:15:00", "type": "debiancve", "title": "CVE-2019-18390", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18390"], "modified": "2019-12-23T16:15:00", "id": "DEBIANCVE:CVE-2019-18390", "href": "https://security-tracker.debian.org/tracker/CVE-2019-18390", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P"}}], "nessus": [{"lastseen": "2023-05-18T15:07:02", "description": "According to the versions of the virglrenderer packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.(CVE-2019-18389)\n\n - An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.(CVE-2019-18390)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-08-28T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : virglrenderer (EulerOS-SA-2020-1888)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18389", "CVE-2019-18390"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:virglrenderer", "p-cpe:/a:huawei:euleros:virglrenderer-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1888.NASL", "href": "https://www.tenable.com/plugins/nessus/139991", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139991);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-18389\",\n \"CVE-2019-18390\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : virglrenderer (EulerOS-SA-2020-1888)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the virglrenderer packages installed,\nthe EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A heap-based buffer overflow in the\n vrend_renderer_transfer_write_iov function in\n vrend_renderer.c in virglrenderer through 0.8.0 allows\n guest OS users to cause a denial of service, or QEMU\n guest-to-host escape and code execution, via\n VIRGL_CCMD_RESOURCE_INLINE_WRITE\n commands.(CVE-2019-18389)\n\n - An out-of-bounds read in the vrend_blit_need_swizzle\n function in vrend_renderer.c in virglrenderer through\n 0.8.0 allows guest OS users to cause a denial of\n service via VIRGL_CCMD_BLIT commands.(CVE-2019-18390)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1888\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7b42a6d6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected virglrenderer packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:virglrenderer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:virglrenderer-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"virglrenderer-0.6.0-8.20170210git76b3da97b.eulerosv2r8\",\n \"virglrenderer-devel-0.6.0-8.20170210git76b3da97b.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"virglrenderer\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:08:29", "description": "According to the versions of the virglrenderer package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.(CVE-2019-18390)\n\n - A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.(CVE-2019-18389)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-09-29T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : virglrenderer (EulerOS-SA-2020-2042)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18389", "CVE-2019-18390"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:virglrenderer", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2020-2042.NASL", "href": "https://www.tenable.com/plugins/nessus/140990", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140990);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-18389\",\n \"CVE-2019-18390\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : virglrenderer (EulerOS-SA-2020-2042)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the virglrenderer package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - An out-of-bounds read in the vrend_blit_need_swizzle\n function in vrend_renderer.c in virglrenderer through\n 0.8.0 allows guest OS users to cause a denial of\n service via VIRGL_CCMD_BLIT commands.(CVE-2019-18390)\n\n - A heap-based buffer overflow in the\n vrend_renderer_transfer_write_iov function in\n vrend_renderer.c in virglrenderer through 0.8.0 allows\n guest OS users to cause a denial of service, or QEMU\n guest-to-host escape and code execution, via\n VIRGL_CCMD_RESOURCE_INLINE_WRITE\n commands.(CVE-2019-18389)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2042\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d72e5dfa\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected virglrenderer packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:virglrenderer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"virglrenderer-0.6.0-8.20170210git76b3da97b.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"virglrenderer\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:22:34", "description": "According to the versions of the virglrenderer package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - A heap-based buffer overflow flaw was found in virglrenderer. The vrend_renderer_transfer_write_iov function allows guest OS users to cause a denial of service or a QEMU guest-to-host escape with code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as to system availability.(CVE-2019-18389)\n\n - An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.(CVE-2019-18390)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-09-08T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : virglrenderer (EulerOS-SA-2020-1970)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18389", "CVE-2019-18390"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:virglrenderer", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2020-1970.NASL", "href": "https://www.tenable.com/plugins/nessus/140340", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140340);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-18389\",\n \"CVE-2019-18390\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : virglrenderer (EulerOS-SA-2020-1970)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the virglrenderer package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - A heap-based buffer overflow flaw was found in\n virglrenderer. The vrend_renderer_transfer_write_iov\n function allows guest OS users to cause a denial of\n service or a QEMU guest-to-host escape with code\n execution. The highest threat from this vulnerability\n is to data confidentiality and integrity as well as to\n system availability.(CVE-2019-18389)\n\n - An out-of-bounds read in the vrend_blit_need_swizzle\n function in vrend_renderer.c in virglrenderer through\n 0.8.0 allows guest OS users to cause a denial of\n service via VIRGL_CCMD_BLIT commands.(CVE-2019-18390)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1970\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f98cd10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected virglrenderer packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:virglrenderer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"virglrenderer-0.6.0-2.20170210git76b3da97b\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"virglrenderer\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:02:03", "description": "This update for virglrenderer fixes the following issues :\n\nCVE-2019-18388: Fixed a NULL pointer dereference which could have led to denial of service (bsc#1159479).\n\nCVE-2019-18390: Fixed an out of bound read which could have led to denial of service (bsc#1159478).\n\nCVE-2019-18389: Fixed a heap buffer overflow which could have led to guest escape or denial of service (bsc#1159482).\n\nCVE-2019-18391: Fixed a heap-based buffer overflow which could have led to guest escape or denial of service (bsc#1159486).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-01-08T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : virglrenderer (SUSE-SU-2020:0016-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18388", "CVE-2019-18389", "CVE-2019-18390", "CVE-2019-18391"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libvirglrenderer0", "p-cpe:/a:novell:suse_linux:libvirglrenderer0-debuginfo", "p-cpe:/a:novell:suse_linux:virglrenderer-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-0016-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132702", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0016-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132702);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-18388\", \"CVE-2019-18389\", \"CVE-2019-18390\", \"CVE-2019-18391\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : virglrenderer (SUSE-SU-2020:0016-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for virglrenderer fixes the following issues :\n\nCVE-2019-18388: Fixed a NULL pointer dereference which could have led\nto denial of service (bsc#1159479).\n\nCVE-2019-18390: Fixed an out of bound read which could have led to\ndenial of service (bsc#1159478).\n\nCVE-2019-18389: Fixed a heap buffer overflow which could have led to\nguest escape or denial of service (bsc#1159482).\n\nCVE-2019-18391: Fixed a heap-based buffer overflow which could have\nled to guest escape or denial of service (bsc#1159486).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159482\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18388/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18389/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18390/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18391/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200016-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dd772006\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8:zypper in -t patch\nSUSE-OpenStack-Cloud-Crowbar-8-2020-16=1\n\nSUSE OpenStack Cloud 8:zypper in -t patch\nSUSE-OpenStack-Cloud-8-2020-16=1\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2020-16=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5:zypper in -t\npatch SUSE-SLE-SDK-12-SP5-2020-16=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2020-16=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch\nSUSE-SLE-SAP-12-SP3-2020-16=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2020-16=1\n\nSUSE Linux Enterprise Server 12-SP5:zypper in -t patch\nSUSE-SLE-SERVER-12-SP5-2020-16=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2020-16=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2020-16=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-BCL-2020-16=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2020-16=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2020-16=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2020-16=1\n\nSUSE Enterprise Storage 5:zypper in -t patch SUSE-Storage-5-2020-16=1\n\nHPE Helion Openstack 8:zypper in -t patch\nHPE-Helion-OpenStack-8-2020-16=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirglrenderer0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirglrenderer0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:virglrenderer-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirglrenderer0-0.5.0-12.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libvirglrenderer0-debuginfo-0.5.0-12.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"virglrenderer-debugsource-0.5.0-12.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirglrenderer0-0.5.0-12.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libvirglrenderer0-debuginfo-0.5.0-12.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"virglrenderer-debugsource-0.5.0-12.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirglrenderer0-0.5.0-12.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libvirglrenderer0-debuginfo-0.5.0-12.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"virglrenderer-debugsource-0.5.0-12.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libvirglrenderer0-0.5.0-12.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libvirglrenderer0-debuginfo-0.5.0-12.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"virglrenderer-debugsource-0.5.0-12.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirglrenderer0-0.5.0-12.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirglrenderer0-debuginfo-0.5.0-12.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"virglrenderer-debugsource-0.5.0-12.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"virglrenderer\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:55:47", "description": "This update for virglrenderer fixes the following issues :\n\n - CVE-2019-18388: Fixed a NULL pointer dereference which could have led to denial of service (bsc#1159479).\n\n - CVE-2019-18390: Fixed an out of bound read which could have led to denial of service (bsc#1159478).\n\n - CVE-2019-18389: Fixed a heap buffer overflow which could have led to guest escape or denial of service (bsc#1159482).\n\n - CVE-2019-18391: Fixed a heap based buffer overflow which could have led to guest escape or denial of service (bsc#1159486). \n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2020-01-15T00:00:00", "type": "nessus", "title": "openSUSE Security Update : virglrenderer (openSUSE-2020-58)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18388", "CVE-2019-18389", "CVE-2019-18390", "CVE-2019-18391"], "modified": "2020-01-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libvirglrenderer0", "p-cpe:/a:novell:opensuse:libvirglrenderer0-debuginfo", "p-cpe:/a:novell:opensuse:virglrenderer-debuginfo", "p-cpe:/a:novell:opensuse:virglrenderer-debugsource", "p-cpe:/a:novell:opensuse:virglrenderer-devel", "p-cpe:/a:novell:opensuse:virglrenderer-test-server", "p-cpe:/a:novell:opensuse:virglrenderer-test-server-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-58.NASL", "href": "https://www.tenable.com/plugins/nessus/132919", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-58.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132919);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/17\");\n\n script_cve_id(\"CVE-2019-18388\", \"CVE-2019-18389\", \"CVE-2019-18390\", \"CVE-2019-18391\");\n\n script_name(english:\"openSUSE Security Update : virglrenderer (openSUSE-2020-58)\");\n script_summary(english:\"Check for the openSUSE-2020-58 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for virglrenderer fixes the following issues :\n\n - CVE-2019-18388: Fixed a NULL pointer dereference which\n could have led to denial of service (bsc#1159479).\n\n - CVE-2019-18390: Fixed an out of bound read which could\n have led to denial of service (bsc#1159478).\n\n - CVE-2019-18389: Fixed a heap buffer overflow which could\n have led to guest escape or denial of service\n (bsc#1159482).\n\n - CVE-2019-18391: Fixed a heap based buffer overflow which\n could have led to guest escape or denial of service\n (bsc#1159486). \n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1159478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1159479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1159482\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1159486\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected virglrenderer packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirglrenderer0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirglrenderer0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virglrenderer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virglrenderer-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virglrenderer-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virglrenderer-test-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virglrenderer-test-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libvirglrenderer0-0.6.0-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libvirglrenderer0-debuginfo-0.6.0-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virglrenderer-debuginfo-0.6.0-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virglrenderer-debugsource-0.6.0-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virglrenderer-devel-0.6.0-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virglrenderer-test-server-0.6.0-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"virglrenderer-test-server-debuginfo-0.6.0-lp151.4.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirglrenderer0 / libvirglrenderer0-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:02:02", "description": "This update for virglrenderer fixes the following issues :\n\nCVE-2019-18388: Fixed a NULL pointer dereference which could have led to denial of service (bsc#1159479).\n\nCVE-2019-18390: Fixed an out of bound read which could have led to denial of service (bsc#1159478).\n\nCVE-2019-18389: Fixed a heap buffer overflow which could have led to guest escape or denial of service (bsc#1159482).\n\nCVE-2019-18391: Fixed a heap-based buffer overflow which could have led to guest escape or denial of service (bsc#1159486).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-01-08T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : virglrenderer (SUSE-SU-2020:0017-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18388", "CVE-2019-18389", "CVE-2019-18390", "CVE-2019-18391"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libvirglrenderer0", "p-cpe:/a:novell:suse_linux:libvirglrenderer0-debuginfo", "p-cpe:/a:novell:suse_linux:virglrenderer-debuginfo", "p-cpe:/a:novell:suse_linux:virglrenderer-debugsource", "p-cpe:/a:novell:suse_linux:virglrenderer-devel", "p-cpe:/a:novell:suse_linux:virglrenderer-test-server", "p-cpe:/a:novell:suse_linux:virglrenderer-test-server-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-0017-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132703", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0017-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132703);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-18388\", \"CVE-2019-18389\", \"CVE-2019-18390\", \"CVE-2019-18391\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : virglrenderer (SUSE-SU-2020:0017-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for virglrenderer fixes the following issues :\n\nCVE-2019-18388: Fixed a NULL pointer dereference which could have led\nto denial of service (bsc#1159479).\n\nCVE-2019-18390: Fixed an out of bound read which could have led to\ndenial of service (bsc#1159478).\n\nCVE-2019-18389: Fixed a heap buffer overflow which could have led to\nguest escape or denial of service (bsc#1159482).\n\nCVE-2019-18391: Fixed a heap-based buffer overflow which could have\nled to guest escape or denial of service (bsc#1159486).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159482\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18388/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18389/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18390/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-18391/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200017-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ef799c81\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15-SP1:zypper in\n-t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-17=1\n\nSUSE Linux Enterprise Module for Server Applications 15:zypper in -t\npatch SUSE-SLE-Module-Server-Applications-15-2020-17=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-17=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2020-17=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirglrenderer0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirglrenderer0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:virglrenderer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:virglrenderer-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:virglrenderer-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:virglrenderer-test-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:virglrenderer-test-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirglrenderer0-0.6.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libvirglrenderer0-debuginfo-0.6.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"virglrenderer-debuginfo-0.6.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"virglrenderer-debugsource-0.6.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"virglrenderer-devel-0.6.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"virglrenderer-test-server-0.6.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"virglrenderer-test-server-debuginfo-0.6.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirglrenderer0-0.6.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libvirglrenderer0-debuginfo-0.6.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"virglrenderer-debuginfo-0.6.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"virglrenderer-debugsource-0.6.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"virglrenderer-devel-0.6.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"virglrenderer-test-server-0.6.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"virglrenderer-test-server-debuginfo-0.6.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"virglrenderer-debuginfo-0.6.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"virglrenderer-debugsource-0.6.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"virglrenderer-test-server-0.6.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"virglrenderer-test-server-debuginfo-0.6.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"virglrenderer-debuginfo-0.6.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"virglrenderer-debugsource-0.6.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"virglrenderer-test-server-0.6.0-4.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"virglrenderer-test-server-debuginfo-0.6.0-4.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"virglrenderer\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T18:39:35", "description": "The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3232 advisory.\n\n - A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands. (CVE-2019-18388)\n\n - A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands. (CVE-2019-18389)\n\n - An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands. (CVE-2019-18390)\n\n - A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands. (CVE-2019-18391)\n\n - A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a Compute Shader (CS). (CVE-2020-8002)\n\n - A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a free. (CVE-2020-8003)\n\n - An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution. (CVE-2022-0135)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-08T00:00:00", "type": "nessus", "title": "Debian DLA-3232-1 : virglrenderer - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18388", "CVE-2019-18389", "CVE-2019-18390", "CVE-2019-18391", "CVE-2020-8002", "CVE-2020-8003", "CVE-2022-0135"], "modified": "2022-12-08T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libvirglrenderer-dev", "p-cpe:/a:debian:debian_linux:libvirglrenderer0", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DLA-3232.NASL", "href": "https://www.tenable.com/plugins/nessus/168487", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-3232. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168487);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/08\");\n\n script_cve_id(\n \"CVE-2019-18388\",\n \"CVE-2019-18389\",\n \"CVE-2019-18390\",\n \"CVE-2019-18391\",\n \"CVE-2020-8002\",\n \"CVE-2020-8003\",\n \"CVE-2022-0135\"\n );\n\n script_name(english:\"Debian DLA-3232-1 : virglrenderer - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndla-3232 advisory.\n\n - A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to\n cause a denial of service via malformed commands. (CVE-2019-18388)\n\n - A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in\n virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host\n escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands. (CVE-2019-18389)\n\n - An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through\n 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands. (CVE-2019-18390)\n\n - A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in\n virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via\n VIRGL_CCMD_RESOURCE_INLINE_WRITE commands. (CVE-2019-18391)\n\n - A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a\n denial of service via commands that attempt to launch a grid without previously providing a Compute Shader\n (CS). (CVE-2020-8002)\n\n - A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a\n denial of service by triggering texture allocation failure, because\n vrend_renderer_resource_allocated_texture is not an appropriate place for a free. (CVE-2020-8003)\n\n - An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw\n allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER\n ioctl, leading to a denial of service or possible code execution. (CVE-2022-0135)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946942\");\n # https://security-tracker.debian.org/tracker/source-package/virglrenderer\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cf8dd027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2022/dla-3232\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2019-18388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2019-18389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2019-18390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2019-18391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-8002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-8003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/virglrenderer\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the virglrenderer packages.\n\nFor Debian 10 buster, these problems have been fixed in version 0.7.0-2+deb10u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-18389\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0135\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvirglrenderer-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libvirglrenderer0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar debian_release = get_kb_item('Host/Debian/release');\nif ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');\ndebian_release = chomp(debian_release);\nif (! preg(pattern:\"^(10)\\.[0-9]+\", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + debian_release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'libvirglrenderer-dev', 'reference': '0.7.0-2+deb10u1'},\n {'release': '10.0', 'prefix': 'libvirglrenderer0', 'reference': '0.7.0-2+deb10u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var _release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (_release && prefix && reference) {\n if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libvirglrenderer-dev / libvirglrenderer0');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2020-01-31T16:27:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-27T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for virglrenderer (openSUSE-SU-2020:0058_1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18388", "CVE-2019-18389", "CVE-2019-18390", "CVE-2019-18391"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852999", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852999", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852999\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-18388\", \"CVE-2019-18389\", \"CVE-2019-18390\", \"CVE-2019-18391\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-27 09:17:46 +0000 (Mon, 27 Jan 2020)\");\n script_name(\"openSUSE: Security Advisory for virglrenderer (openSUSE-SU-2020:0058_1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2020:0058-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'virglrenderer'\n package(s) announced via the openSUSE-SU-2020:0058-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for virglrenderer fixes the following issues:\n\n - CVE-2019-18388: Fixed a null pointer dereference which could have led to\n denial of service (bsc#1159479).\n\n - CVE-2019-18390: Fixed an out of bound read which could have led to\n denial of service (bsc#1159478).\n\n - CVE-2019-18389: Fixed a heap buffer overflow which could have led to\n guest escape or denial of service (bsc#1159482).\n\n - CVE-2019-18391: Fixed a heap based buffer overflow which could have led\n to guest escape or denial of service (bsc#1159486).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-58=1\");\n\n script_tag(name:\"affected\", value:\"'virglrenderer' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirglrenderer0\", rpm:\"libvirglrenderer0~0.6.0~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirglrenderer0-debuginfo\", rpm:\"libvirglrenderer0-debuginfo~0.6.0~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virglrenderer-debuginfo\", rpm:\"virglrenderer-debuginfo~0.6.0~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virglrenderer-debugsource\", rpm:\"virglrenderer-debugsource~0.6.0~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virglrenderer-devel\", rpm:\"virglrenderer-devel~0.6.0~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virglrenderer-test-server\", rpm:\"virglrenderer-test-server~0.6.0~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virglrenderer-test-server-debuginfo\", rpm:\"virglrenderer-test-server-debuginfo~0.6.0~lp151.4.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-11-09T21:01:57", "description": "An update that fixes four vulnerabilities is now available.\n\nDescription:\n\n This update for virglrenderer fixes the following issues:\n\n - CVE-2019-18388: Fixed a null pointer dereference which could have led to\n denial of service (bsc#1159479).\n - CVE-2019-18390: Fixed an out of bound read which could have led to\n denial of service (bsc#1159478).\n - CVE-2019-18389: Fixed a heap buffer overflow which could have led to\n guest escape or denial of service (bsc#1159482).\n - CVE-2019-18391: Fixed a heap based buffer overflow which could have led\n to guest escape or denial of service (bsc#1159486).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-58=1", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-15T00:00:00", "type": "suse", "title": "Security update for virglrenderer (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18388", "CVE-2019-18389", "CVE-2019-18390", "CVE-2019-18391"], "modified": "2020-01-15T00:00:00", "id": "OPENSUSE-SU-2020:0058-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FZCL5SFVY3UUL6OAEA6NXNQH5OUVW7I3/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2023-12-06T18:22:32", "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-3232-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Tobias Frost\nDecember 07, 2022 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : virglrenderer\nVersion : 0.7.0-2+deb10u1\nCVE ID : CVE-2019-18388 CVE-2019-18389 CVE-2019-18390 CVE-2019-18391\n CVE-2020-8002 CVE-2020-8003 CVE-2022-0135\nDebian Bug : 946942 949954 1009073\n\nSeveral security vulnerabilities were discovered in virglrenderer, a virtual\nGPU for KVM virtualization.\n\nCVE-2019-18388\n\n A NULL pointer dereference in vrend_renderer.c in virglrenderer through\n 0.8.0 allows guest OS users to cause a denial of service via malformed\n commands.\n\nCVE-2019-18389\n\n A heap-based buffer overflow in the vrend_renderer_transfer_write_iov\n function in vrend_renderer.c in virglrenderer through 0.8.0 allows\n guest OS users to cause a denial of service, or QEMU guest-to-host\n escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE\n commands.\n\nCVE-2019-18390\n\n An out-of-bounds read in the vrend_blit_need_swizzle function in\n vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS\n users to cause a denial of service via VIRGL_CCMD_BLIT commands.\n\nCVE-2019-18391\n\n A heap-based buffer overflow in the vrend_renderer_transfer_write_iov\n function in vrend_renderer.c in virglrenderer through 0.8.0 allows\n guest OS users to cause a denial of service via\n VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.\n\nCVE-2020-8002\n\n A NULL pointer dereference in vrend_renderer.c in virglrenderer through\n 0.8.1 allows attackers to cause a denial of service via commands that attempt\n to launch a grid without previously providing a Compute Shader (CS).\n\nCVE-2020-8003\n\n A double-free vulnerability in vrend_renderer.c in virglrenderer through\n 0.8.1 allows attackers to cause a denial of service by triggering texture\n allocation failure, because vrend_renderer_resource_allocated_texture is not an\n appropriate place for a free.\n\nCVE-2022-0135\n\n An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer\n (virglrenderer). This flaw allows a malicious guest to create a specially\n crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a\n denial of service or possible code execution.\n\nFor Debian 10 buster, these problems have been fixed in version\n0.7.0-2+deb10u1.\n\nWe recommend that you upgrade your virglrenderer packages.\n\nFor the detailed security status of virglrenderer please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/virglrenderer\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-07T17:25:31", "type": "debian", "title": "[SECURITY] [DLA 3232-1] virglrenderer security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18388", "CVE-2019-18389", "CVE-2019-18390", "CVE-2019-18391", "CVE-2020-8002", "CVE-2020-8003", "CVE-2022-0135"], "modified": "2022-12-07T17:25:31", "id": "DEBIAN:DLA-3232-1:30251", "href": "https://lists.debian.org/debian-lts-announce/2022/12/msg00017.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}]}
CVE-2019-18390
