1765578 – (CVE-2019-18388) CVE-2019-18388 virglrenderer: NULL pointer dereference in vrend_renderer_resource_create

Bug 1765578 (CVE-2019-18388) - CVE-2019-18388 virglrenderer: NULL pointer dereference in vrend_renderer_resource_create

Summary: CVE-2019-18388 virglrenderer: NULL pointer dereference in vrend_renderer_reso...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2019-18388
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1784694 1785145
Blocks:	1765598
TreeView+	depends on / blocked

Reported:	2019-10-25 13:26 UTC by Marian Rehak
Modified:	2021-10-25 09:54 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2021-10-25 09:54:29 UTC
Embargoed:

Attachments	(Terms of Use)

Description Marian Rehak 2019-10-25 13:26:34 UTC

A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands.

Upstream Issue:

https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#3cd772559e0d73afa136d6818023cfd0c4c8ecc0_0_589

Comment 1 Marian Rehak 2019-10-25 13:27:41 UTC

Upstream Patch:

https://gitlab.freedesktop.org/virgl/virglrenderer/commit/0d9a2c88dc3a70023541b3260b9f00c982abda16

Comment 3 Prasad Pandit 2019-12-18 06:04:17 UTC

Created virglrenderer tracking bugs for this issue:

Affects: fedora-all [bug 1784694]

Note You need to log in before you can comment on or make changes to this bug.