Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-ALPINE317-VIRGLRENDERER-3144175
- published 23 Nov 2022
- disclosed 25 Aug 2022
How to fix?
virglrenderer to version 0.10.3-r0 or higher.
Note: Versions mentioned in the description apply only to the upstream
virglrenderer package and not the
virglrenderer package as distributed by
How to fix? for
Alpine:3.17 relevant fixed versions and status.
An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution.