Bug#1025700: bullseye-pu: package virglrenderer/0.8.2-5+deb11u1
Control: tags -1 + confirmed
On Wed, 2022-12-07 at 18:02 +0100, Tobias Frost wrote:
> I'm currently preparing a security update for virglrenderer for LTS
> and figured out that one of the fixed CVEs is not addressed in
> bullseye yet.
>
> The CVE fixed is CVE-2022-0135: (#1009073)
>
[...]
> An out-of-bounds write issue was found in the VirGL virtual OpenGL
> renderer (virglrenderer). This flaw allows a malicious guest to create
> a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER
> ioctl, leading to a denial of service or possible code execution.
>
Please go ahead.
Regards,
Adam