5.5

CVE-2022-0175

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatEnterprise Linux Version8.0 SwEditionadvanced_virtualization
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.31% 0.226
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-909 Missing Initialization of Resource

The product does not initialize a critical resource.

https://security.gentoo.org/glsa/202210-05
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2022-0175
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2039003
Patch
Third Party Advisory
Issue Tracking
https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c
Patch
Third Party Advisory
https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654
Patch
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2022-0175
Patch
Third Party Advisory