| Summary: | virglrenderer new security issues CVE-2022-0135 and CVE-2022-0175 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, mageia, nicolas.salguero, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | virglrenderer-0.8.2-1.20200212git7d204f39.mga8.src.rpm | CVE: | CVE-2022-0135, CVE-2022-0175 |
| Status comment: | |||
| Attachments: | screen shot: guest Mageia 8 running glmark2 ; host running radeontop and htop | ||
Description
David Walser
2022-01-18 16:10:06 CET
David Walser
2022-01-18 16:10:22 CET
Status comment: (none) => Patch available from upstream

Easy to assign: tv's baby.

Assignee: bugsquad => thierry.vignaud

openSUSE has issued an advisory for this on January 18:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LNFLD35UGUIRPTGF3HA3JP2MXLLHWPIX/

Status comment: Patch available from upstream => Patches available from upstream and openSUSE

SUSE has issued an advisory today (February 17):
https://lists.suse.com/pipermail/sle-security-updates/2022-February/010243.html

It fixes a new security issue.

Summary: virglrenderer new security issue CVE-2022-0175 => virglrenderer new security issues CVE-2022-0135 and CVE-2022-0175

(In reply to David Walser from comment #3)
> SUSE has issued an advisory today (February 17):
> https://lists.suse.com/pipermail/sle-security-updates/2022-February/010243.html
>
> It fixes a new security issue.

Equivalent openSUSE advisory:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EQXVEUIFIMFD6G5N2JBQ2A6XUYVZBCSY/

Ubuntu has issued an advisory for this today (February 28):
https://ubuntu.com/security/notices/USN-5309-1

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution. (CVE-2022-0135)

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure. (CVE-2022-0175)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0175
https://lists.suse.com/pipermail/sle-security-updates/2022-January/010013.html
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LNFLD35UGUIRPTGF3HA3JP2MXLLHWPIX/
https://lists.suse.com/pipermail/sle-security-updates/2022-February/010243.html
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EQXVEUIFIMFD6G5N2JBQ2A6XUYVZBCSY/
https://ubuntu.com/security/notices/USN-5309-1
========================

Updated packages in core/updates_testing:
========================
lib(64)virglrenderer1-0.8.2-1.20200212git7d204f39.1.mga8
lib(64)virglrenderer-devel-0.8.2-1.20200212git7d204f39.1.mga8
virglrenderer-test-server-0.8.2-1.20200212git7d204f39.1.mga8

from SRPM:
virglrenderer-0.8.2-1.20200212git7d204f39.1.mga8.src.rpm

Status comment: Patches available from upstream and openSUSE => (none)

Installed and tested without issues.
Tested with a Mageia 8 guest, using glxinfo, glmark2 and 3D games (e.g. warzone2100).
I usually use PCI pass-through with a Radeon RX 6500 XT so I don't have much experience with virgl but in the tests I did it worked.
For some reason, virgl is limited to 60 FPS.
See attached screen shot.
Host system: Mageia 8, x86_64, Plasma DE, AMD Ryzen 5 5600G with Radeon Graphics.
$ uname -a
Linux jupiter 5.19.16-desktop-1.mga8 #1 SMP PREEMPT_DYNAMIC Sat Oct 15 18:19:46 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep virgl
lib64virglrenderer1-0.8.2-1.20200212git7d204f39.1.mga8
Guest system: QEMU/KVM, Mageia 8, x86_64, LXQt DE, virgl using the integrated GPU in the AMD Ryzen 5 5600G.
$ uname -a
Linux vm-jupiter-mageia-8 5.19.16-desktop-1.mga8 #1 SMP PREEMPT_DYNAMIC Sat Oct 15 18:19:46 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
$ glxinfo
name of display: :0
display: :0 screen: 0
direct rendering: Yes
server glx vendor string: SGI
server glx version string: 1.4
server glx extensions:
<SNIP>
client glx vendor string: Mesa Project and SGI
client glx version string: 1.4
<SNIP>
Extended renderer info (GLX_MESA_query_renderer):
Vendor: Mesa/X.org (0x1af4)
Device: virgl (0x1010)
Version: 21.3.8
Accelerated: yes
Video memory: 0MB
Unified memory: no
Preferred profile: core (0x1)
Max core profile version: 4.3
Max compat profile version: 3.1
Max GLES1 profile version: 1.1
Max GLES[23] profile version: 3.1
OpenGL vendor string: Mesa/X.org
OpenGL renderer string: virgl
OpenGL core profile version string: 4.3 (Core Profile) Mesa 21.3.8
OpenGL core profile shading language version string: 4.30
OpenGL core profile context flags: (none)
OpenGL core profile profile mask: core profile
OpenGL core profile extensions:
<SNIP>

CC: (none) => mageia

Created attachment 13456
screen shot: guest Mageia 8 running glmark2 ; host running radeontop and htop

Many thanks for the test. Giving this an OK, and validating. Advisory in Comment 6.

CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins
2022-11-01 22:40:09 CET
CC: (none) => davidwhodgins

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2022-0401.html

Resolution: (none) => FIXED