CVE-2022-0175

low-risk
Published 2022-08-26

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.

Do I need to act?

-
0.12% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (3)

Affected Vendors

Redhat Virglrenderer Project

References (12)

Third Party Advisory https://access.redhat.com/security/cve/CVE-2022-0175
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2039003
Patch https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a8516...
Patch https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654
Patch https://security-tracker.debian.org/tracker/CVE-2022-0175
Third Party Advisory https://security.gentoo.org/glsa/202210-05
Third Party Advisory https://access.redhat.com/security/cve/CVE-2022-0175
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2039003
Patch https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a8516...
Patch https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654
Patch https://security-tracker.debian.org/tracker/CVE-2022-0175
Third Party Advisory https://security.gentoo.org/glsa/202210-05
28
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 9/34 · Low