Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.6381 virglrenderer security update 8 December 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: virglrenderer Publisher: Debian Operating System: Debian GNU/Linux Resolution: Patch/Upgrade CVE Names: CVE-2022-0135 CVE-2020-8003 CVE-2020-8002 CVE-2019-18391 CVE-2019-18390 CVE-2019-18389 CVE-2019-18388 Original Bulletin: https://lists.debian.org/debian-lts-announce/2022/12/msg00017.html Comment: CVSS (Max): 7.8 CVE-2022-0135 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSS Source: NVD Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3232-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Tobias Frost December 07, 2022 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : virglrenderer Version : 0.7.0-2+deb10u1 CVE ID : CVE-2019-18388 CVE-2019-18389 CVE-2019-18390 CVE-2019-18391 CVE-2020-8002 CVE-2020-8003 CVE-2022-0135 Debian Bug : 946942 949954 1009073 Several security vulnerabilities were discovered in virglrenderer, a virtual GPU for KVM virtualization. CVE-2019-18388 A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands. CVE-2019-18389 A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands. CVE-2019-18390 An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands. CVE-2019-18391 A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands. CVE-2020-8002 A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a Compute Shader (CS). CVE-2020-8003 A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a free. CVE-2022-0135 An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution. For Debian 10 buster, these problems have been fixed in version 0.7.0-2+deb10u1. We recommend that you upgrade your virglrenderer packages. For the detailed security status of virglrenderer please refer to its security tracker page at: https://security-tracker.debian.org/tracker/virglrenderer Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmOQzIgACgkQkWT6HRe9 XTZnqA/9GFAEyil0uz9M9iPJTrRF6CcRl8aKKWyHerRl4PapvOMHHY9GPeFcnxXG FovygsP9PTew/kRVIVY9XUOQ8hrWynIvKbCk6T/pXF7yQ4BhcgQ1RukonqjrrATa h5/NIgNXaiDBzIBXDFcWrEchRq7oqWkHyWeVsLE+chDmwoVtfFSFNepRL3K5rvHq pB6bOq4XA9zgETkiTDFqApuMH5RzQs/TEFe+6LV8roBbhwoqeM8XQtfmeQSxXMbr 9KBug35ZB9GDoycSdRIEobmPppDXhrEcjoMn/KGniUT7wpMZ+o4SzZq6xAU8l526 W/D0jA8uWBJXaD9q3NmiaW0SaW3cQQ29C0PVe2ZZ4oxjOtcNSCRG/RNgojnV0fW3 MxVtM+fA5sqX7I/byVxM7J8KroY+IWPVbgcHSPeUCTKwjGgyw/agEbZ1AN9WrzWW ZgS7bUx4RYhRxpL+o8ODPdBHzmzkdicuCyqNCEVhtHuHOQ79UVJPtysUJA8UbRAi m/TUlFvlKNnH3c0ATzwVEQ7facTI7SF5t3Zwpa3Dxl+hVIAkHfej8ig0uZYrs7FL ZkKDZ7ZWGBQmKOBEEtHJaIafTZOolB3e2QNist8JP4Z+bmgpJHw6ebyVXiAVwTK2 VHu0keeRdYkV1NfENxkgbNVTXAoNTTWg2k+lA2GMmDPP6z3AvmM= =B4MN - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBY5Eme8kNZI30y1K9AQjKWw//fazOnF5v03HSwMQYCj3RCA6utHUlRFsO BxXVrSqEdjXtupR0WU6eIslb68jyQMaHfEvvAwr9EA1+6GdbqPYN3n6SKFdOuJ3z 0tRxdi1yyoCGkyW8Kiz1n+NhUktqkFWMaJ2nEcCDwrjISZ4Tc1iuvYgkCdkxDybs I41N4gZNhCOhjAMMyDB1R4C9GBMnAXnQpULuHjVs18M24AvRGxA9/+IHw+bJO+ou WwwXKs6WZOpmas8sK3IuAQKyKGNDAhKvRQ89HHIAxVvKoXibhyXd4sTFeDTnkL29 Ov9ku+i3MGOCEX4u0RoszYlMBqH9fcyOsrWzaandicoEYGZogtMthSu40RmFlSeQ k7yQMgDMuEgzKq3pX7pBT7WQGtDiGZOXO3NlNm8yXu9uTlCfQxbCw50pJ9aKdEqw qPlLOhbWglKYY9Y5kx8cKcs3UWkcNF+XRgWdzpvsR5ctM7n2sXLFQZGsfdCKixhV S+E16g9E0+ZU3MPZ52YM3fS2OK77tYKRIrmDTB7Lj0/9xChCn7zHmk+Qg9QjXeDD P1qoTHfeZ4ssLUAmlKWrGPVRlsQLXYiFtonHf+1OPDOcCH29RqWp9nxCtPj0wPFB lGzZCWqDODnoI6WWjrPh/h0wpkG8ZgMnKoOQNSfMpOOPb/SXUdPFXKUGsAK0QRii c2vROEtit/g= =7eZN -----END PGP SIGNATURE-----