[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2019-18390Date: (C)2019-12-24   (M)2023-12-22


An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.1CVSS Score : 3.6
Exploit Score: 1.8Exploit Score: 3.9
Impact Score: 5.2Impact Score: 4.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector: LOCAL
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: LOWAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: HIGHAvailability: PARTIAL
Integrity: NONE 
Availability: HIGH 
  
Reference:
https://access.redhat.com/security/cve/cve-2019-18390
https://lists.debian.org/debian-lts-announce/2022/12/msg00017.html
https://bugzilla.redhat.com/show_bug.cgi?id=1765584
https://gitlab.freedesktop.org/virgl/virglrenderer/commit/24f67de7a9088a873844a39be03cee6882260ac9
https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#3cd772559e0d73afa136d6818023cfd0c4c8ecc0_0_151
openSUSE-SU-2020:0058

CWE    1
CWE-125
OVAL    2
oval:org.secpod.oval:def:89050451
oval:org.secpod.oval:def:89000680

© SecPod Technologies