Vulnerability Details CVE-2022-0175
A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.2%
CVSS Severity
CVSS v3 Score 5.5
References
- https://access.redhat.com/security/cve/CVE-2022-0175
- https://bugzilla.redhat.com/show_bug.cgi?id=2039003
- https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c
- https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654
- https://security-tracker.debian.org/tracker/CVE-2022-0175
- https://security.gentoo.org/glsa/202210-05
- https://access.redhat.com/security/cve/CVE-2022-0175
- https://bugzilla.redhat.com/show_bug.cgi?id=2039003
- https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c
- https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654
- https://security-tracker.debian.org/tracker/CVE-2022-0175
- https://security.gentoo.org/glsa/202210-05
Products affected by CVE-2022-0175
-
cpe:2.3:a:virglrenderer_project:virglrenderer:0.9.0
-
cpe:2.3:a:virglrenderer_project:virglrenderer:0.9.1
-
cpe:2.3:o:redhat:enterprise_linux:8.0