QwikSec

Security Database

CVE

CWE

Training

CVE-2019-18389

Published: Dec 23, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=9c280a28651507e6ef87b17b90d47b6af3a4ab7d

https://gitlab.freedesktop.org/virgl/virglrenderer/commit/cbc8d8b75be360236cada63784046688aeb6d921

https://bugzilla.redhat.com/show_bug.cgi?id=1765577

vendor-advisory

openSUSE-SU-2020:0058

vendor-advisory

[debian-lts-announce] 20221207 [SECURITY] [DLA 3232-1] virglrenderer security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.