A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.

The version of virglrenderer installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-0175 advisory.

  - A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly     initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to     mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to     information disclosure. (CVE-2022-0175)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202210-05 (virglrenderer: Multiple vulnerabilities)

  - An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw     allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER     ioctl, leading to a denial of service or possible code execution. (CVE-2022-0135)

  - A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly     initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to     mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to     information disclosure. (CVE-2022-0175)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5309-1 advisory.

    It was discovered that virglrenderer incorrectly handled memory. An attacker inside a guest could use this     issue to cause virglrenderer to crash, resulting in a denial of service, or possibly execute arbitrary     code. (CVE-2022-0135)

    It was discovered that virglrenderer incorrectly initialized memory. An attacker inside a guest could     possibly use this issue to obtain sensitive host information. (CVE-2022-0175)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0111-1 advisory.

  - A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly     initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to     mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to     information disclosure. (CVE-2022-0175)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2022:0111-1 advisory.

  - A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly     initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to     mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to     information disclosure. (CVE-2022-0175)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED12 / SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:0110-1 advisory.

  - A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly     initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to     mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to     information disclosure. (CVE-2022-0175)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
173510	CBL Mariner 2.0 Security Update: virglrenderer (CVE-2022-0175)	Nessus	MarinerOS Local Security Checks	medium
166165	GLSA-202210-05 : virglrenderer: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
158458	Ubuntu 20.04 LTS : virglrenderer vulnerabilities (USN-5309-1)	Nessus	Ubuntu Local Security Checks	high
156844	openSUSE 15 Security Update : virglrenderer (openSUSE-SU-2022:0111-1)	Nessus	SuSE Local Security Checks	medium
156815	SUSE SLES15 Security Update : virglrenderer (SUSE-SU-2022:0111-1)	Nessus	SuSE Local Security Checks	medium
156810	SUSE SLED12 / SLES12 Security Update : virglrenderer (SUSE-SU-2022:0110-1)	Nessus	SuSE Local Security Checks	medium

Detections

Analytics

CVE-2022-0175

medium

Tenable Plugins

medium

high

high

medium

medium

medium