Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: A missing check was fixed to avoid NULL dereferencing. cacheent could potentially be set to NULL inside virtiogpucmdgetcapset, which would lead to a NULL dereferencing due to its recent use i.e., ptr =...

Astra Linux - уязвимость в qemu

A out-of-bounds write vulnerability was discovered in the virtio vhost-user GPU device vhost-user-gpu of QEMU in versions up to and including 6.0. This flaw occurs during the processing of the ‘VIRTIOGPUCMDGETCAPSET’ command from the guest. It could allow a privileged guest user to crash the QEMU...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006643)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006643 advisory. In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: fix a missing check to avoid NULL dereference 'cacheent' could be set NULL inside...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992434)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992434 advisory. In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: fix a missing check to avoid NULL dereference 'cacheent' could be set NULL inside...

EUVD-2022-55445

Malicious code in bioql PyPI...

SUSE CVE-2022-50181

In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: fix a missing check to avoid NULL dereference 'cacheent' could be set NULL inside virtiogpucmdgetcapset and it will lead to a NULL dereference by a lately use of it i.e., ptr = cacheent-capscache. Fix it with a NULL...

DEBIAN-CVE-2022-50181

In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: fix a missing check to avoid NULL dereference 'cacheent' could be set NULL inside virtiogpucmdgetcapset and it will lead to a NULL dereference by a lately use of it i.e., ptr = cacheent-capscache. Fix it with a NULL...

UBUNTU-CVE-2022-50181

In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: fix a missing check to avoid NULL dereference 'cacheent' could be set NULL inside virtiogpucmdgetcapset and it will lead to a NULL dereference by a lately use of it i.e., ptr = cacheent-capscache. Fix it with a NULL...

kernel: virtio-gpu: fix a missing check to avoid NULL dereference

In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: fix a missing check to avoid NULL dereference 'cacheent' could be set NULL inside virtiogpucmdgetcapset and it will lead to a NULL dereference by a lately use of it i.e., ptr = cacheent-capscache. Fix it with a NULL...

kernel: virtio-gpu: fix a missing check to avoid NULL dereference

In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: fix a missing check to avoid NULL dereference 'cacheent' could be set NULL inside virtiogpucmdgetcapset and it will lead to a NULL dereference by a lately use of it i.e., ptr = cacheent-capscache. Fix it with a NULL...

SUSE CVE-2016-9845

QEMU aka Quick Emulator built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIOGPUCMDGETCAPSETINFO' command. A guest user/process could use this flaw to leak contents of the host memory bytes...

SUSE CVE-2016-9908

Quick Emulator Qemu built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIOGPUCMDGETCAPSET' command. A guest user/process could use this flaw to leak contents of the host memory bytes...

SUSE CVE-2016-10028

The virglcmdgetcapset function in hw/display/virtio-gpu-3d.c in QEMU aka Quick Emulator built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service out-of-bounds read and process crash via a VIRTIOGPUCMDGETCAPSET command with a maximum capabilities size...

SUSE CVE-2021-3545

An information disclosure vulnerability was found in the virtio vhost-user GPU device vhost-user-gpu of QEMU in versions up to and including 6.0. The flaw exists in virglcmdgetcapsetinfo in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest...

SUSE CVE-2021-3546

An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device vhost-user-gpu of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIOGPUCMDGETCAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on t...

The vulnerability of the VIRTIO_GPU_CMD_GET_CAPSET command in the QEMU hardware emulation software involves writing beyond the buffer boundaries. This allows an attacker to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the VIRTIOGPUCMDGETCAPSET command in the QEMU hardware emulation software is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

The vulnerability of the `virgl_cmd_get_capset_info()` function in the `contrib/vhost-user-gpu/virgl.c` component of the QEMU hardware emulation software, related to the disclosure of information, allows a malicious actor to gain access to confidential data.

The vulnerability of the virglcmdgetcapsetinfo function in the contrib/vhost-user-gpu/virgl.c component of the QEMU hardware emulation software is related to the disclosure of information. Exploiting this vulnerability allows an attacker to gain access to confidential data...

The vulnerability of the `virgl_cmd_get_capset` function in the `hw/display/virtio-gpu-3d.c` component of the QEMU hardware emulation software occurs due to reading data beyond the buffer’s acceptable limits. This allows an attacker to trigger a service failure.

The vulnerability of the virglcmdgetcapset function in the hw/display/virtio-gpu-3d.c component of the QEMU hardware emulation software is related to reading data from a buffer beyond its allowable limits. Exploiting this vulnerability allows an attacker to trigger a service failure using the...

An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host.

...

An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on the host resulting in a denial of service condition or potential code execution with the privileges of the QEMU process.

...