CVE-2020-8003

MEDIUM

virglrenderer <0.8.1 - DoS

Title source: llm

Description

A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a free.

References (5)

[Patch, Third Party Advisory] https://gitlab.freedesktop.org/virgl/virglrenderer/commit/f9b079ccc319c98499111f66bd654fc9b56cf15f?merge_request_iid=340

[Patch, Third Party Advisory] https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340

[Patch, Third Party Advisory] https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=3320973c9f2068f60cf6613c2811a8824781878a

[Patch, Third Party Advisory] https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=f9b079ccc319c98499111f66bd654fc9b56cf15f

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2022/12/msg00017.html

Scores

CVSS v3 5.5

EPSS 0.0015

EPSS Percentile 35.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-415

Status published

Affected Products (2)

virglrenderer_project/virglrenderer < 0.8.1

debian/debian_linux

Timeline

Published Jan 27, 2020

Tracked Since Feb 18, 2026