CVE-2019-18389 - Out-of-bounds Write vulnerability in multiple products
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 7 |
OS | | 1 |
OS | | 1 |
OS | | 1 |
Nessus
NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2020-0017-1.NASL
description: This update for virglrenderer fixes the following issues:
- CVE-2019-18388: Fixed a NULL pointer dereference which could have led to denial of service (bsc#1159479).
- CVE-2019-18390: Fixed an out of bound read which could have led to denial of service (bsc#1159478).
- CVE-2019-18389: Fixed a heap buffer overflow which could have led to guest escape or denial of service (bsc#1159482).
- CVE-2019-18391: Fixed a heap-based buffer overflow which could have led to guest escape or denial of service (bsc#1159486).
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 132703
published: 2020-01-08
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/132703
title: SUSE SLED15 / SLES15 Security Update : virglrenderer (SUSE-SU-2020:0017-1)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2020-58.NASL
description: This update for virglrenderer fixes the following issues:
- CVE-2019-18388: Fixed a NULL pointer dereference which could have led to denial of service (bsc#1159479).
- CVE-2019-18390: Fixed an out of bound read which could have led to denial of service (bsc#1159478).
- CVE-2019-18389: Fixed a heap buffer overflow which could have led to guest escape or denial of service (bsc#1159482).
- CVE-2019-18391: Fixed a heap based buffer overflow which could have led to guest escape or denial of service (bsc#1159486).
This update was imported from the SUSE:SLE-15:Update update project.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 132919
published: 2020-01-15
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/132919
title: openSUSE Security Update : virglrenderer (openSUSE-2020-58)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2020-0016-1.NASL
description: This update for virglrenderer fixes the following issues:
- CVE-2019-18388: Fixed a NULL pointer dereference which could have led to denial of service (bsc#1159479).
- CVE-2019-18390: Fixed an out of bound read which could have led to denial of service (bsc#1159478).
- CVE-2019-18389: Fixed a heap buffer overflow which could have led to guest escape or denial of service (bsc#1159482).
- CVE-2019-18391: Fixed a heap-based buffer overflow which could have led to guest escape or denial of service (bsc#1159486).
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 132702
published: 2020-01-08
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/132702
title: SUSE SLED12 / SLES12 Security Update : virglrenderer (SUSE-SU-2020:0016-1)
References
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html
- https://access.redhat.com/security/cve/cve-2019-18389
- https://bugzilla.redhat.com/show_bug.cgi?id=1765577
- https://gitlab.freedesktop.org/virgl/virglrenderer/commit/cbc8d8b75be360236cada63784046688aeb6d921
- https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=9c280a28651507e6ef87b17b90d47b6af3a4ab7d
- https://lists.debian.org/debian-lts-announce/2022/12/msg00017.html