ROSA LABROSA-SA-2023-2267Advisory ROSA-SA-2023-2267
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
15.7%
software: virglrenderer 0.8.1
OS: ROSA-CHROME
package_evr_string: virglrenderer-0.8.1-3.src.rpm
CVE-ID: CVE-2022-0135
BDU-ID: 2023-05686
CVE-Crit: HIGH
CVE-DESC.: An out-of-bounds write issue has been discovered in the OpenGL VirGL virtual visualization tool (virglrenderer). This vulnerability allows an attacker to create a specially crafted Virgil resource and then issue an ioctl VIRTGPU_EXECBUFFER, resulting in a denial of service or possible code execution.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update virglrenderer
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ROSA | any | noarch | virglrenderer | < 0.8.1 | UNKNOWN |
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
15.7%