CVE-2022-0175

Summary

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.

Affected Software

VendorProductVersion RangeStatus
n/avirglrendererAffects v0.9.0 and later.affected

Weaknesses

  • CWE-909: CWE-909 - Missing Initialization of Resource

ADP Enrichment

CVE Program Container

Additional References

References