Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2022-0401)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2022.0401

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2022-0401)

Zusammenfassung: The remote host is missing an update for the 'virglrenderer' package(s) announced via the MGASA-2022-0401 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'virglrenderer' package(s) announced via the MGASA-2022-0401 advisory.

Vulnerability Insight:
An out-of-bounds write issue was found in the VirGL virtual OpenGL
renderer (virglrenderer). This flaw allows a malicious guest to create a
specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER
ioctl, leading to a denial of service or possible code execution.
(CVE-2022-0135)

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The
virgl did not properly initialize memory when allocating a host-backed
memory resource. A malicious guest could use this flaw to mmap from the
guest kernel and read this uninitialized memory from the host, possibly
leading to information disclosure. (CVE-2022-0175)

Affected Software/OS:
'virglrenderer' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:L/AC:L/Au:S/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2022-0135
GLSA-202210-05
https://security.gentoo.org/glsa/202210-05
[debian-lts-announce] 20221207 [SECURITY] [DLA 3232-1] virglrenderer security update
https://lists.debian.org/debian-lts-announce/2022/12/msg00017.html
https://bugzilla.redhat.com/show_bug.cgi?id=2037790
Common Vulnerability Exposure (CVE) ID: CVE-2022-0175
https://access.redhat.com/security/cve/CVE-2022-0175
https://bugzilla.redhat.com/show_bug.cgi?id=2039003
https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c
https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654
https://security-tracker.debian.org/tracker/CVE-2022-0175

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2022.0401
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2022-0401)
Zusammenfassung:	The remote host is missing an update for the 'virglrenderer' package(s) announced via the MGASA-2022-0401 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'virglrenderer' package(s) announced via the MGASA-2022-0401 advisory. Vulnerability Insight: An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution. (CVE-2022-0135) A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure. (CVE-2022-0175) Affected Software/OS: 'virglrenderer' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2022-0135 GLSA-202210-05 https://security.gentoo.org/glsa/202210-05 [debian-lts-announce] 20221207 [SECURITY] [DLA 3232-1] virglrenderer security update https://lists.debian.org/debian-lts-announce/2022/12/msg00017.html https://bugzilla.redhat.com/show_bug.cgi?id=2037790 Common Vulnerability Exposure (CVE) ID: CVE-2022-0175 https://access.redhat.com/security/cve/CVE-2022-0175 https://bugzilla.redhat.com/show_bug.cgi?id=2039003 https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654 https://security-tracker.debian.org/tracker/CVE-2022-0175
Copyright	Copyright (C) 2022 Greenbone AG