CVE-2019-18389

Published: August 31, 2023Last modified: August 31, 2023

Description

A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.

Severity score breakdown

Parameter	Value
Base score	7.8
Attack Vector	LOCAL
Attack complexity	LOW
Privileges required	LOW
User interaction	NONE
Scope	UNCHANGED
Confidentiality	HIGH
Integrity impact	HIGH
Availability impact	HIGH
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Status

Product	Release	Package	Status
Alpaquita Linux	23 LTS	virglrenderer	Not affected (0.10.3-r0)
Alpaquita Linux	Stream	virglrenderer	Not affected (0.10.4-r2)

References

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html
https://access.redhat.com/security/cve/cve-2019-18389
https://bugzilla.redhat.com/show_bug.cgi?id=1765577
https://gitlab.freedesktop.org/virgl/virglrenderer/commit/cbc8d8b75be360236cada63784046688aeb6d921
https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=9c280a28651507e6ef87b17b90d47b6af3a4ab7d
https://lists.debian.org/debian-lts-announce/2022/12/msg00017.html