CVE-2022-0175

2022-08-2618:15:08

CWE-909

[email protected]

web.nvd.nist.gov

103

virgl

opengl

renderer

virglrenderer

cve-2022-0175

memory initialization

information disclosure

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.2%

JSON

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.

Affected configurations

Vulners

NVD

Node

virglrenderer_projectvirglrendererRange≤0.9.0

VendorProductVersionCPE
virglrenderer_projectvirglrenderer*cpe:2.3:a:virglrenderer_project:virglrenderer:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
virglrenderer_project	virglrenderer	*	cpe:2.3:a:virglrenderer_project:virglrenderer::::::::

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "virglrenderer",
    "versions": [
      {
        "version": "Affects v0.9.0 and later.",
        "status": "affected"
      }
    ]
  }
]