Bugzilla – Bug 1195389
VUL-0: CVE-2022-0135: virglrenderer: out-of-bounds write in read_transfer_data()
Last modified: 2022-07-14 13:19:06 UTC
rh#2037790
An out-of-bound write was found in virglrenderer in src/vrend_renderer.c:read_transfer_data().
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2037790
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0135
Affected:
- SUSE:SLE-12-SP2:Update
- SUSE:SLE-15:Update
- openSUSE:Factory
Upstream patch: https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/95e581fd181b213c2ed7cdc63f2abc03eaaa77ec
Upstream MR: https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654/commits
Virtualization/virglrenderer SR#950715
SLE12 SR#263829
SLE15 SR#263828
(In reply to Carlos López from comment #1)
> Affected:
> - SUSE:SLE-12-SP2:Update
> - SUSE:SLE-15:Update
> - openSUSE:Factory
>
Currently, what we have in SUSE:SLE-15-SP4:GA is the same that is there in openSUSE:Factory. Why is it not affected?
Similarly, in SLE-15-SP3:Update, we have the same code that is there in SLE-15:Update... What am I missing?
openSUSE-SU-2022:0479-1: An update that fixes one vulnerability is now available.
Category: security (important)
Bug References: 1195389
CVE References: CVE-2022-0135
JIRA References:
Sources used:
- openSUSE Leap 15.4 (src): virglrenderer-0.6.0-4.9.1
- openSUSE Leap 15.3 (src): virglrenderer-0.6.0-4.9.1
SUSE-SU-2022:0479-1: An update that fixes one vulnerability is now available.
Category: security (important)
Bug References: 1195389
CVE References: CVE-2022-0135
JIRA References:
Sources used:
- SUSE Manager Server 4.1 (src): virglrenderer-0.6.0-4.9.1
- SUSE Manager Retail Branch Server 4.1 (src): virglrenderer-0.6.0-4.9.1
- SUSE Manager Proxy 4.1 (src): virglrenderer-0.6.0-4.9.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (src): virglrenderer-0.6.0-4.9.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (src): virglrenderer-0.6.0-4.9.1
- SUSE Linux Enterprise Server for SAP 15 (src): virglrenderer-0.6.0-4.9.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (src): virglrenderer-0.6.0-4.9.1
- SUSE Linux Enterprise Server 15-SP2-BCL (src): virglrenderer-0.6.0-4.9.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (src): virglrenderer-0.6.0-4.9.1
- SUSE Linux Enterprise Server 15-SP1-BCL (src): virglrenderer-0.6.0-4.9.1
- SUSE Linux Enterprise Server 15-LTSS (src): virglrenderer-0.6.0-4.9.1
- SUSE Linux Enterprise Realtime Extension 15-SP2 (src): virglrenderer-0.6.0-4.9.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (src): virglrenderer-0.6.0-4.9.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (src): virglrenderer-0.6.0-4.9.1
- SUSE Linux Enterprise Micro 5.0 (src): virglrenderer-0.6.0-4.9.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): virglrenderer-0.6.0-4.9.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): virglrenderer-0.6.0-4.9.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): virglrenderer-0.6.0-4.9.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): virglrenderer-0.6.0-4.9.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (src): virglrenderer-0.6.0-4.9.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): virglrenderer-0.6.0-4.9.1
- SUSE Enterprise Storage 7 (src): virglrenderer-0.6.0-4.9.1
- SUSE Enterprise Storage 6 (src): virglrenderer-0.6.0-4.9.1
- SUSE CaaS Platform 4.0 (src): virglrenderer-0.6.0-4.9.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0478-1: An update that fixes one vulnerability is now available.
Category: security (important)
Bug References: 1195389
CVE References: CVE-2022-0135
JIRA References:
Sources used:
- SUSE OpenStack Cloud Crowbar 9 (src): virglrenderer-0.5.0-12.9.1
- SUSE OpenStack Cloud Crowbar 8 (src): virglrenderer-0.5.0-12.9.1
- SUSE OpenStack Cloud 9 (src): virglrenderer-0.5.0-12.9.1
- SUSE OpenStack Cloud 8 (src): virglrenderer-0.5.0-12.9.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (src): virglrenderer-0.5.0-12.9.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (src): virglrenderer-0.5.0-12.9.1
- SUSE Linux Enterprise Server for SAP 12-SP3 (src): virglrenderer-0.5.0-12.9.1
- SUSE Linux Enterprise Server 12-SP5 (src): virglrenderer-0.5.0-12.9.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (src): virglrenderer-0.5.0-12.9.1
- SUSE Linux Enterprise Server 12-SP3-LTSS (src): virglrenderer-0.5.0-12.9.1
- SUSE Linux Enterprise Server 12-SP3-BCL (src): virglrenderer-0.5.0-12.9.1
- SUSE Linux Enterprise Server 12-SP2-BCL (src): virglrenderer-0.5.0-12.9.1
- HPE Helion Openstack 8 (src): virglrenderer-0.5.0-12.9.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SLE15SP4: SR#274047
SUSE-SU-2022:2395-1: An update that fixes one vulnerability is now available.
Category: security (important)
Bug References: 1195389
CVE References: CVE-2022-0135
JIRA References:
Sources used:
- openSUSE Leap 15.4 (src): virglrenderer-0.9.1-150400.3.3.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (src): virglrenderer-0.9.1-150400.3.3.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.