Candidate: CVE-2019-18390
PublicDate: 2019-12-23 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18390
 https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#3cd772559e0d73afa136d6818023cfd0c4c8ecc0_0_151
 https://access.redhat.com/security/cve/cve-2019-18390
Description:
 An out-of-bounds read in the vrend_blit_need_swizzle function in
 vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to
 cause a denial of service via VIRGL_CCMD_BLIT commands.
Ubuntu-Description:
Notes:
 mdeslaur> Nothing in bionic actually uses this package, so we will not be
 mdeslaur> releasing a fix for it. Marking as ignored.
Mitigation:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=1765584
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H [7.1 HIGH]


Patches_virglrenderer:
 upstream: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/24f67de7a9088a873844a39be03cee6882260ac9
upstream_virglrenderer: released (0.8.1-1)
precise/esm_virglrenderer: DNE
trusty_virglrenderer: ignored (out of standard support)
trusty/esm_virglrenderer: DNE
xenial_virglrenderer: DNE
bionic_virglrenderer: ignored
disco_virglrenderer: ignored (reached end-of-life)
eoan_virglrenderer: ignored (reached end-of-life)
focal_virglrenderer: not-affected (0.8.1-6)
devel_virglrenderer: not-affected (0.8.1-6)