Source: virglrenderer Version: 0.8.1-6 Severity: grave Tags: security upstream Control: found -1 0.7.0-2
Hi, The following vulnerabilities were published for virglrenderer. CVE-2020-8002[0]: | A NULL pointer dereference in vrend_renderer.c in virglrenderer | through 0.8.1 allows attackers to cause a denial of service via | commands that attempt to launch a grid without previously providing a | Compute Shader (CS). CVE-2020-8003[1]: | A double-free vulnerability in vrend_renderer.c in virglrenderer | through 0.8.1 allows attackers to cause a denial of service by | triggering texture allocation failure, because | vrend_renderer_resource_allocated_texture is not an appropriate place | for a free. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-8002 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8002 https://gitlab.freedesktop.org/virgl/virglrenderer/commit/63bcca251f093d83da7e290ab4bbd38ae69089b5 [1] https://security-tracker.debian.org/tracker/CVE-2020-8003 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8003 https://gitlab.freedesktop.org/virgl/virglrenderer/commit/522b610a826f6de58c560cbb38fa8dfc65ae3c42 [2] https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340 Regards, Salvatore

