Published: 23/12/2019 Updated: 02/02/2023

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer up to and including 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.

Vulnerable Product	Search on Vulmon	Subscribe to Product
virglrenderer project virglrenderer
redhat enterprise linux 8.0
opensuse leap 15.1
debian debian linux 10.0

Debian Bug report logs - #946942 virglrenderer: CVE-2019-18389 CVE-2019-18391 Package: src:virglrenderer; Maintainer for src:virglrenderer is Gert Wollny <gewo@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 18 Dec 2019 10:24:02 UTC Severity: grave Tags: security, upstream Found in vers ...

CWE-787 https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=9c280a28651507e6ef87b17b90d47b6af3a4ab7d https://gitlab.freedesktop.org/virgl/virglrenderer/commit/cbc8d8b75be360236cada63784046688aeb6d921 https://bugzilla.redhat.com/show_bug.cgi?id=1765577 https://access.redhat.com/security/cve/cve-2019-18389 http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html https://lists.debian.org/debian-lts-announce/2022/12/msg00017.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946942 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-18389

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect