SUSE has issued an advisory today (January 18):
Mageia 8 is also affected.
Patch available from upstream
Easy to assign: tv's baby.
openSUSE has issued an advisory for this on January 18:
Patch available from upstream => Patches available from upstream and openSUSE
SUSE has issued an advisory today (February 17):
It fixes a new security issue.
virglrenderer new security issue CVE-2022-0175 => virglrenderer new security issues CVE-2022-0135 and CVE-2022-0175
(In reply to David Walser from comment #3)
> SUSE has issued an advisory today (February 17):
> It fixes a new security issue.
Equivalent openSUSE advisory:
Ubuntu has issued an advisory for this today (February 28):
The updated packages fix security vulnerabilities:
An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution. (CVE-2022-0135)
A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure. (CVE-2022-0175)
Updated packages in core/updates_testing:
Patches available from upstream and openSUSE =>
Installed and tested without issues.
Tested with a Mageia 8 guest, using glxinfo, glmark2 and 3D games (e.g. warzone2100).
I usually use PCI pass-through with a Radeon RX 6500 XT, so I don't have much experience with virgl, but in the tests I did it worked.
For some reason, virgl is limited to 60 FPS.
See attached screen shot.
Host system: Mageia 8, x86_64, Plasma DE, AMD Ryzen 5 5600G with Radeon Graphics.
$ uname -a
Linux jupiter 5.19.16-desktop-1.mga8 #1 SMP PREEMPT_DYNAMIC Sat Oct 15 18:19:46 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep virgl
Guest system: QEMU/KVM, Mageia 8, x86_64, LXQt DE, virgl using the integrated GPU in the AMD Ryzen 5 5600G.
$ uname -a
Linux vm-jupiter-mageia-8 5.19.16-desktop-1.mga8 #1 SMP PREEMPT_DYNAMIC Sat Oct 15 18:19:46 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
name of display: :0
display: :0 screen: 0
direct rendering: Yes
server glx vendor string: SGI
server glx version string: 1.4
server glx extensions:
client glx vendor string: Mesa Project and SGI
client glx version string: 1.4
Extended renderer info (GLX_MESA_query_renderer):
Vendor: Mesa/X.org (0x1af4)
Device: virgl (0x1010)
Video memory: 0MB
Unified memory: no
Preferred profile: core (0x1)
Max core profile version: 4.3
Max compat profile version: 3.1
Max GLES1 profile version: 1.1
Max GLES profile version: 3.1
OpenGL vendor string: Mesa/X.org
OpenGL renderer string: virgl
OpenGL core profile version string: 4.3 (Core Profile) Mesa 21.3.8
OpenGL core profile shading language version string: 4.30
OpenGL core profile context flags: (none)
OpenGL core profile profile mask: core profile
OpenGL core profile extensions:
Created attachment 13456
screen shot: guest Mageia 8 running glmark2; host running radeontop and htop
Many thanks for the test. Giving this an OK, and validating. Advisory in Comment 6.
An update for this issue has been pushed to the Mageia Updates repository.