Control: tags -1 + confirmed

On Wed, 2022-12-07 at 18:02 +0100, Tobias Frost wrote:
> I'm currently preparing a security update for virglrenderer for LTS
> and figured out that one of the fixed CVEs is not addressed
> in bullseye yet.
>
> The CVE fixed is CVE-2022-0135: (#1009073)
> [...]
> An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer
> (virglrenderer). This flaw allows a malicious guest to create a specially
> crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a
> denial of service or possible code execution.
>

Please go ahead.

Regards,

Adam