Candidate: CVE-2019-18391
PublicDate: 2019-12-23 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18391
 https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314
Description:
 A heap-based buffer overflow in the vrend_renderer_transfer_write_iov
 function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS
 users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE
 commands.
Ubuntu-Description:
Notes:
 mdeslaur> Nothing in bionic actually uses this package, so we will not be
 mdeslaur> releasing a fix for it. Marking as ignored.
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946942
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [5.5 MEDIUM]


Patches_virglrenderer:
 upstream: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/2abeb1802e3c005b17a7123e382171b3fb665971
upstream_virglrenderer: released (0.8.1-1)
precise/esm_virglrenderer: DNE
trusty_virglrenderer: ignored (out of standard support)
trusty/esm_virglrenderer: DNE
xenial_virglrenderer: DNE
bionic_virglrenderer: ignored
disco_virglrenderer: ignored (reached end-of-life)
eoan_virglrenderer: ignored (reached end-of-life)
focal_virglrenderer: not-affected (0.8.1-6)
devel_virglrenderer: not-affected (0.8.1-6)