Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 21 results


CVE-2022-0175

Medium priority

Some fixes available 7 of 8

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel...

1 affected packages

virglrenderer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
virglrenderer Fixed Fixed Fixed Vulnerable Ignored
Show less packages

CVE-2022-0135

Medium priority

Some fixes available 7 of 8

An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a...

1 affected packages

virglrenderer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
virglrenderer Fixed Fixed Fixed Vulnerable Ignored
Show less packages

CVE-2020-8003

Low priority
Not affected

A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an...

1 affected packages

virglrenderer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
virglrenderer Not affected Not in release
Show less packages

CVE-2020-8002

Low priority
Ignored

A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a Compute Shader (CS).

1 affected packages

virglrenderer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
virglrenderer Not affected Not affected Not in release
Show less packages

CVE-2019-18391

Medium priority
Ignored

A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.

1 affected packages

virglrenderer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
virglrenderer Not affected Ignored Not in release
Show less packages

CVE-2019-18390

Low priority
Ignored

An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.

1 affected packages

virglrenderer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
virglrenderer Not affected Ignored Not in release
Show less packages

CVE-2019-18389

Medium priority
Ignored

A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution,...

1 affected packages

virglrenderer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
virglrenderer Not affected Ignored Not in release
Show less packages

CVE-2019-18388

Low priority
Ignored

A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands.

1 affected packages

virglrenderer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
virglrenderer Not affected Ignored Not in release
Show less packages

CVE-2017-5956

Medium priority
Ignored

The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors involving vertext_buffer_index.

1 affected packages

virglrenderer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
virglrenderer Not affected Not in release
Show less packages

CVE-2016-10214

Low priority
Ignored

Memory leak in the virgl_resource_attach_backing function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.

1 affected packages

virglrenderer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
virglrenderer Not affected Not in release
Show less packages