An update for virglrenderer is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1570
Final
1.0
1.0
2022-03-12
Initial
2022-03-12
2022-03-12
openEuler SA Tool V1.0
2022-03-12
virglrenderer security update
An update for virglrenderer is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3.
The virgil3d rendering library is a library used by qemu to implement 3D GPU support for the virtio GPU.
Security Fix(es):
A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a Compute Shader (CS).(CVE-2020-8002)
A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a free.(CVE-2020-8003)
An update for virglrenderer is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3.
openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
Medium
virglrenderer
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1570
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-8002
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-8003
https://nvd.nist.gov/vuln/detail/CVE-2020-8002
https://nvd.nist.gov/vuln/detail/CVE-2020-8003
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
virglrenderer-devel-0.7.0-3.oe1.aarch64.rpm
virglrenderer-0.7.0-3.oe1.aarch64.rpm
virglrenderer-debuginfo-0.7.0-3.oe1.aarch64.rpm
virglrenderer-debugsource-0.7.0-3.oe1.aarch64.rpm
virglrenderer-devel-0.7.0-3.oe1.aarch64.rpm
virglrenderer-debuginfo-0.7.0-3.oe1.aarch64.rpm
virglrenderer-debugsource-0.7.0-3.oe1.aarch64.rpm
virglrenderer-0.7.0-3.oe1.aarch64.rpm
virglrenderer-0.7.0-3.oe1.aarch64.rpm
virglrenderer-devel-0.7.0-3.oe1.aarch64.rpm
virglrenderer-debuginfo-0.7.0-3.oe1.aarch64.rpm
virglrenderer-debugsource-0.7.0-3.oe1.aarch64.rpm
virglrenderer-0.7.0-3.oe1.src.rpm
virglrenderer-0.7.0-3.oe1.src.rpm
virglrenderer-0.7.0-3.oe1.src.rpm
virglrenderer-0.7.0-3.oe1.x86_64.rpm
virglrenderer-debuginfo-0.7.0-3.oe1.x86_64.rpm
virglrenderer-devel-0.7.0-3.oe1.x86_64.rpm
virglrenderer-debugsource-0.7.0-3.oe1.x86_64.rpm
virglrenderer-0.7.0-3.oe1.x86_64.rpm
virglrenderer-debugsource-0.7.0-3.oe1.x86_64.rpm
virglrenderer-devel-0.7.0-3.oe1.x86_64.rpm
virglrenderer-debuginfo-0.7.0-3.oe1.x86_64.rpm
virglrenderer-debuginfo-0.7.0-3.oe1.x86_64.rpm
virglrenderer-devel-0.7.0-3.oe1.x86_64.rpm
virglrenderer-0.7.0-3.oe1.x86_64.rpm
virglrenderer-debugsource-0.7.0-3.oe1.x86_64.rpm
A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a Compute Shader (CS).
2022-03-12
CVE-2020-8002
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
Medium
5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
virglrenderer security update
2022-03-12
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1570
A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a free.
2022-03-12
CVE-2020-8003
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
Medium
5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
virglrenderer security update
2022-03-12
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1570