CVE-2019-18388

Name

CVE-2019-18388

Description

A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
Issue Tracking	https://bugzilla.redhat.com/show_bug.cgi?id=1765578
Third Party Advisory	https://access.redhat.com/security/cve/cve-2019-18388
Patch	https://gitlab.freedesktop.org/virgl/virglrenderer/commit/0d9a2c88dc3a70023541b3260b9f00c982abda16
Third Party Advisory	https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#diff-content-3cd772559e0d73afa136d6818023cfd0c4c8ecc0
Third Party Advisory	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:virglrenderer_project:virglrenderer::::::::`	virglrenderer	>= None	<= 0.8.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
virglrenderer	3.11-main	0.8.1-r0	Fernando Casas Schossow <casasfernando@outlook.com>	fixed