Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2022-0401)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2022.0401

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2022-0401)

Resumen: The remote host is missing an update for the 'virglrenderer' package(s) announced via the MGASA-2022-0401 advisory.

Descripción: Summary:
The remote host is missing an update for the 'virglrenderer' package(s) announced via the MGASA-2022-0401 advisory.

Vulnerability Insight:
An out-of-bounds write issue was found in the VirGL virtual OpenGL
renderer (virglrenderer). This flaw allows a malicious guest to create a
specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER
ioctl, leading to a denial of service or possible code execution.
(CVE-2022-0135)

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The
virgl did not properly initialize memory when allocating a host-backed
memory resource. A malicious guest could use this flaw to mmap from the
guest kernel and read this uninitialized memory from the host, possibly
leading to information disclosure. (CVE-2022-0175)

Affected Software/OS:
'virglrenderer' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:L/AC:L/Au:S/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2022-0135
GLSA-202210-05
https://security.gentoo.org/glsa/202210-05
[debian-lts-announce] 20221207 [SECURITY] [DLA 3232-1] virglrenderer security update
https://lists.debian.org/debian-lts-announce/2022/12/msg00017.html
https://bugzilla.redhat.com/show_bug.cgi?id=2037790
Common Vulnerability Exposure (CVE) ID: CVE-2022-0175
https://access.redhat.com/security/cve/CVE-2022-0175
https://bugzilla.redhat.com/show_bug.cgi?id=2039003
https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c
https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654
https://security-tracker.debian.org/tracker/CVE-2022-0175

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2022.0401
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2022-0401)
Resumen:	The remote host is missing an update for the 'virglrenderer' package(s) announced via the MGASA-2022-0401 advisory.
Descripción:	Summary: The remote host is missing an update for the 'virglrenderer' package(s) announced via the MGASA-2022-0401 advisory. Vulnerability Insight: An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution. (CVE-2022-0135) A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure. (CVE-2022-0175) Affected Software/OS: 'virglrenderer' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2022-0135 GLSA-202210-05 https://security.gentoo.org/glsa/202210-05 [debian-lts-announce] 20221207 [SECURITY] [DLA 3232-1] virglrenderer security update https://lists.debian.org/debian-lts-announce/2022/12/msg00017.html https://bugzilla.redhat.com/show_bug.cgi?id=2037790 Common Vulnerability Exposure (CVE) ID: CVE-2022-0175 https://access.redhat.com/security/cve/CVE-2022-0175 https://bugzilla.redhat.com/show_bug.cgi?id=2039003 https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654 https://security-tracker.debian.org/tracker/CVE-2022-0175
Copyright	Copyright (C) 2022 Greenbone AG