Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.6381
virglrenderer security update
8 December 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: virglrenderer
Publisher: Debian
Operating System: Debian GNU/Linux
Resolution: Patch/Upgrade
CVE Names: CVE-2022-0135 CVE-2020-8003 CVE-2020-8002
CVE-2019-18391 CVE-2019-18390 CVE-2019-18389
CVE-2019-18388
Original Bulletin:
https://lists.debian.org/debian-lts-announce/2022/12/msg00017.html
Comment: CVSS (Max): 7.8 CVE-2022-0135 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: NVD
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3232-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Tobias Frost
December 07, 2022 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : virglrenderer
Version : 0.7.0-2+deb10u1
CVE ID : CVE-2019-18388 CVE-2019-18389 CVE-2019-18390 CVE-2019-18391
CVE-2020-8002 CVE-2020-8003 CVE-2022-0135
Debian Bug : 946942 949954 1009073
Several security vulnerabilities were discovered in virglrenderer, a virtual
GPU for KVM virtualization.
CVE-2019-18388
A NULL pointer dereference in vrend_renderer.c in virglrenderer through
0.8.0 allows guest OS users to cause a denial of service via malformed
commands.
CVE-2019-18389
A heap-based buffer overflow in the vrend_renderer_transfer_write_iov
function in vrend_renderer.c in virglrenderer through 0.8.0 allows
guest OS users to cause a denial of service, or QEMU guest-to-host
escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE
commands.
CVE-2019-18390
An out-of-bounds read in the vrend_blit_need_swizzle function in
vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS
users to cause a denial of service via VIRGL_CCMD_BLIT commands.
CVE-2019-18391
A heap-based buffer overflow in the vrend_renderer_transfer_write_iov
function in vrend_renderer.c in virglrenderer through 0.8.0 allows
guest OS users to cause a denial of service via
VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.
CVE-2020-8002
A NULL pointer dereference in vrend_renderer.c in virglrenderer through
0.8.1 allows attackers to cause a denial of service via commands that attempt
to launch a grid without previously providing a Compute Shader (CS).
CVE-2020-8003
A double-free vulnerability in vrend_renderer.c in virglrenderer through
0.8.1 allows attackers to cause a denial of service by triggering texture
allocation failure, because vrend_renderer_resource_allocated_texture is not an
appropriate place for a free.
CVE-2022-0135
An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer
(virglrenderer). This flaw allows a malicious guest to create a specially
crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a
denial of service or possible code execution.
For Debian 10 buster, these problems have been fixed in version
0.7.0-2+deb10u1.
We recommend that you upgrade your virglrenderer packages.
For the detailed security status of virglrenderer please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/virglrenderer
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmOQzIgACgkQkWT6HRe9
XTZnqA/9GFAEyil0uz9M9iPJTrRF6CcRl8aKKWyHerRl4PapvOMHHY9GPeFcnxXG
FovygsP9PTew/kRVIVY9XUOQ8hrWynIvKbCk6T/pXF7yQ4BhcgQ1RukonqjrrATa
h5/NIgNXaiDBzIBXDFcWrEchRq7oqWkHyWeVsLE+chDmwoVtfFSFNepRL3K5rvHq
pB6bOq4XA9zgETkiTDFqApuMH5RzQs/TEFe+6LV8roBbhwoqeM8XQtfmeQSxXMbr
9KBug35ZB9GDoycSdRIEobmPppDXhrEcjoMn/KGniUT7wpMZ+o4SzZq6xAU8l526
W/D0jA8uWBJXaD9q3NmiaW0SaW3cQQ29C0PVe2ZZ4oxjOtcNSCRG/RNgojnV0fW3
MxVtM+fA5sqX7I/byVxM7J8KroY+IWPVbgcHSPeUCTKwjGgyw/agEbZ1AN9WrzWW
ZgS7bUx4RYhRxpL+o8ODPdBHzmzkdicuCyqNCEVhtHuHOQ79UVJPtysUJA8UbRAi
m/TUlFvlKNnH3c0ATzwVEQ7facTI7SF5t3Zwpa3Dxl+hVIAkHfej8ig0uZYrs7FL
ZkKDZ7ZWGBQmKOBEEtHJaIafTZOolB3e2QNist8JP4Z+bmgpJHw6ebyVXiAVwTK2
VHu0keeRdYkV1NfENxkgbNVTXAoNTTWg2k+lA2GMmDPP6z3AvmM=
=B4MN
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBY5Eme8kNZI30y1K9AQjKWw//fazOnF5v03HSwMQYCj3RCA6utHUlRFsO
BxXVrSqEdjXtupR0WU6eIslb68jyQMaHfEvvAwr9EA1+6GdbqPYN3n6SKFdOuJ3z
0tRxdi1yyoCGkyW8Kiz1n+NhUktqkFWMaJ2nEcCDwrjISZ4Tc1iuvYgkCdkxDybs
I41N4gZNhCOhjAMMyDB1R4C9GBMnAXnQpULuHjVs18M24AvRGxA9/+IHw+bJO+ou
WwwXKs6WZOpmas8sK3IuAQKyKGNDAhKvRQ89HHIAxVvKoXibhyXd4sTFeDTnkL29
Ov9ku+i3MGOCEX4u0RoszYlMBqH9fcyOsrWzaandicoEYGZogtMthSu40RmFlSeQ
k7yQMgDMuEgzKq3pX7pBT7WQGtDiGZOXO3NlNm8yXu9uTlCfQxbCw50pJ9aKdEqw
qPlLOhbWglKYY9Y5kx8cKcs3UWkcNF+XRgWdzpvsR5ctM7n2sXLFQZGsfdCKixhV
S+E16g9E0+ZU3MPZ52YM3fS2OK77tYKRIrmDTB7Lj0/9xChCn7zHmk+Qg9QjXeDD
P1qoTHfeZ4ssLUAmlKWrGPVRlsQLXYiFtonHf+1OPDOcCH29RqWp9nxCtPj0wPFB
lGzZCWqDODnoI6WWjrPh/h0wpkG8ZgMnKoOQNSfMpOOPb/SXUdPFXKUGsAK0QRii
c2vROEtit/g=
=7eZN
-----END PGP SIGNATURE-----