CVE-2022-0175

2022-08-2618:15:08

Google

osv.dev

virgl

opengl

memory disclosure

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.0%

JSON

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.

CPENameOperatorVersion
virglrenderereqirglrenderer-0.4.0
virglrenderereq0.8.2
virglrenderereqirglrenderer-0.5.0
virglrenderereqirglrenderer-0.8.2
virglrenderereqirglrenderer-0.7.0
virglrenderereqirglrenderer-0.6.0
virglrenderereqirglrenderer-0.8.0
virglrenderereqirglrenderer-0.8.1
virglrenderereq0.9.0
virglrenderereqirglrenderer-0.2.0

Name	Operator	Version
virglrenderer	eq	irglrenderer-0.4.0
virglrenderer	eq	0.8.2
virglrenderer	eq	irglrenderer-0.5.0
virglrenderer	eq	irglrenderer-0.8.2
virglrenderer	eq	irglrenderer-0.7.0
virglrenderer	eq	irglrenderer-0.6.0
virglrenderer	eq	irglrenderer-0.8.0
virglrenderer	eq	irglrenderer-0.8.1
virglrenderer	eq	0.9.0
virglrenderer	eq	irglrenderer-0.2.0