This was fixed in https://ubuntu.com/security/notices/USN-5309-1 for focal and newer; it is unfixed in bionic where virglrenderer is community maintained.
(Edited to fix USN URL.) ** Also affects: virglrenderer (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: virglrenderer (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: virglrenderer (Ubuntu Impish) Importance: Undecided Status: New ** Changed in: virglrenderer (Ubuntu) Status: New => Fix Released ** Changed in: virglrenderer (Ubuntu Bionic) Status: New => Confirmed ** Changed in: virglrenderer (Ubuntu Bionic) Status: Confirmed => Triaged ** Changed in: virglrenderer (Ubuntu Focal) Status: New => Fix Released ** Changed in: virglrenderer (Ubuntu Impish) Status: New => Fix Released ** Information type changed from Private Security to Public Security ** Tags added: community-security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950939 Title: OOB write in the vrend_renderer_transfer_write_iov on virglrenderer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/virglrenderer/+bug/1950939/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs