CVE-2022-0175

{"id": "CVE-2022-0175", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-08-26T18:15:08.660", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2022-0175", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039003", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2022-0175", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://security.gentoo.org/glsa/202210-05", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2022-0175", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039003", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2022-0175", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/202210-05", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-909"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-909"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en VirGL virtual OpenGL renderer (virglrenderer). El virgl no inicializaba apropiadamente la memoria cuando asignaba un recurso de memoria respaldado por el host. Un hu\u00e9sped malicioso podr\u00eda usar este fallo para hacer un mapa del n\u00facleo del hu\u00e9sped y leer esta memoria no inicializada del anfitri\u00f3n, lo que posiblemente conllevar\u00eda a una divulgaci\u00f3n de informaci\u00f3n."}], "lastModified": "2024-11-21T06:38:04.567", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:virglrenderer_project:virglrenderer:0.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F71DD71-4A3D-412A-B4B4-5EDD00424A4B"}, {"criteria": "cpe:2.3:a:virglrenderer_project:virglrenderer:0.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C035636F-B303-420F-8500-9914C9EEC8D4"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*", "vulnerable": true, "matchCriteriaId": "3AA08768-75AF-4791-B229-AE938C780959"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}