{"id":"CVE-2022-0175","details":"A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). virglrenderer did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap the resource from the guest kernel and read the uninitialized host memory, possibly leading to information disclosure.","modified":"2026-05-19T03:47:41.434575Z","published":"2022-08-26T00:00:00Z","related":["SUSE-SU-2022:0110-1","SUSE-SU-2022:0111-1","openSUSE-SU-2022:0111-1","openSUSE-SU-2024:11770-1"],"database_specific":{"cwe_ids":["CWE-909"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/0xxx/CVE-2022-0175.json","cna_assigner":"redhat"},"references":[{"type":"WEB","url":"https://access.redhat.com/security/cve/CVE-2022-0175"},{"type":"WEB","url":"https://security-tracker.debian.org/tracker/CVE-2022-0175"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/0xxx/CVE-2022-0175.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0175"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202210-05"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039003"},{"type":"FIX","url":"https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c"},{"type":"FIX","url":"https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.freedesktop.org/virgl/virglrenderer","events":[{"introduced":"0"},{"fixed":"b05bb61f454eeb8a85164c8a31510aeb9d79129c"}]}],"versions":["virglrenderer-0.9.0","0.9.0","virglrenderer-0.8.2","0.8.2","virglrenderer-0.8.1","virglrenderer-0.8.0","virglrenderer-0.7.0","virglrenderer-0.6.0","virglrenderer-0.5.0","virglrenderer-0.4.0","virglrenderer-0.2.0"],"database_specific":{"vanir_signatures_modified":"2026-05-19T03:47:41Z","vanir_signatures":[{"target":{"file":"tests/test_virgl_transfer.c","func
tion":"virgl_init_suite"},"signature_version":"v1","digest":{"function_hash":"256077146312398307471656162861090729801","length":2722},"id":"CVE-2022-0175-18f1c017","deprecated":false,"signature_type":"Function","source":"https://gitlab.freedesktop.org/virgl/virglrenderer@b05bb61f454eeb8a85164c8a31510aeb9d79129c"},{"target":{"file":"tests/test_virgl_transfer.c"},"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["96994566600589557309500908919060242648","277401736489299688690648715224349534235","298448684836469699733780436333872573349","35589618375021518938544604778652425168","95612179803856558666978191200428401238","314290784626386590002303889065489234740","152890258249067159615900496431663124396"]},"id":"CVE-2022-0175-292c6ef2","deprecated":false,"signature_type":"Line","source":"https://gitlab.freedesktop.org/virgl/virglrenderer@b05bb61f454eeb8a85164c8a31510aeb9d79129c"},{"target":{"file":"src/vrend_renderer.c","function":"vrend_resource_alloc_buffer"},"signature_version":"v1","digest":{"function_hash":"206136490597754712570222257618109303063","length":1696},"id":"CVE-2022-0175-5d1437e9","deprecated":false,"signature_type":"Function","source":"https://gitlab.freedesktop.org/virgl/virglrenderer@b05bb61f454eeb8a85164c8a31510aeb9d79129c"},{"target":{"file":"src/vrend_renderer.c"},"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["74457806406748915352932023931697253405","33931677254939213498023179985908133204","44080038900611517499805128567371414839","63185170069030426663596365225759103433"]},"id":"CVE-2022-0175-dcc988f7","deprecated":false,"signature_type":"Line","source":"https://gitlab.freedesktop.org/virgl/virglrenderer@b05bb61f454eeb8a85164c8a31510aeb9d79129c"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0175.json"}}],"schema_version":"1.7.5"}