{"id":"CVE-2019-18391","details":"A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.","modified":"2026-02-10T23:49:11.983789Z","published":"2019-12-23T16:15:11.320Z","related":["SUSE-SU-2020:0016-1","SUSE-SU-2020:0017-1","openSUSE-SU-2020:0058-1","openSUSE-SU-2024:11499-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/cve-2019-18391"},{"type":"ADVISORY","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765589"},{"type":"ADVISORY","url":"https://gitlab.freedesktop.org/virgl/virglrenderer/commit/2abeb1802e3c005b17a7123e382171b3fb665971"},{"type":"ADVISORY","url":"https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=8c9cfb4e425542e96f0717189fe4658555baaf08"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00017.html"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765589"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765589"},{"type":"FIX","url":"https://gitlab.freedesktop.org/virgl/virglrenderer/commit/2abeb1802e3c005b17a7123e382171b3fb665971"},{"type":"ARTICLE","url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00017.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.freedesktop.org/virgl/virglrenderer","events":[{"introduced":"0"},{"fixed":"2abeb1802e3c005b17a7123e382171b3fb665971"}]}],"versions":["virglrenderer-0.2.0","virglrenderer-0.4.0","virglrenderer-0.5.0","virglrenderer-0.6.0","virglrenderer-0.7.0","virglrenderer-0.8.0"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","digest":{"line_hashes":["141347552855496777097344773898259692485","82080927564456806118201595730806083281","131488419841163818612352952790316771532","179374455104432204473931856842977731797","246807098594516868691158148183117145951","222831613115720448266449545946457512616","74242174258136130087693362986902961587","3502818426200585911477805202201942903","142564961026162174146415219564087598519","173939812261767419209301331848291745552","290125616691850514668800301380185149003","171665016758568753867956158656064040453"],"threshold":0.9},"deprecated":false,"signature_type":"Line","id":"CVE-2019-18391-63b8d975","source":"https://gitlab.freedesktop.org/virgl/virglrenderer@2abeb1802e3c005b17a7123e382171b3fb665971","target":{"file":"src/vrend_renderer.c"}},{"signature_version":"v1","digest":{"length":7210,"function_hash":"118250254458798477934576909953554061388"},"deprecated":false,"signature_type":"Function","id":"CVE-2019-18391-74eaed2f","source":"https://gitlab.freedesktop.org/virgl/virglrenderer@2abeb1802e3c005b17a7123e382171b3fb665971","target":{"function":"vrend_renderer_transfer_write_iov","file":"src/vrend_renderer.c"}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-18391.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}