SUSE has issued an advisory today (January 18):
https://lists.suse.com/pipermail/sle-security-updates/2022-January/010013.html

Mageia 8 is also affected.
Status comment: (none) => Patch available from upstream
Whiteboard: (none) => MGA8TOO
Easy to assign: tv's baby.
Assignee: bugsquad => thierry.vignaud
openSUSE has issued an advisory for this on January 18: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LNFLD35UGUIRPTGF3HA3JP2MXLLHWPIX/
Status comment: Patch available from upstream => Patches available from upstream and openSUSE
SUSE has issued an advisory today (February 17):
https://lists.suse.com/pipermail/sle-security-updates/2022-February/010243.html

It fixes a new security issue.
Summary: virglrenderer new security issue CVE-2022-0175 => virglrenderer new security issues CVE-2022-0135 and CVE-2022-0175
(In reply to David Walser from comment #3)
> SUSE has issued an advisory today (February 17):
> https://lists.suse.com/pipermail/sle-security-updates/2022-February/010243.html
>
> It fixes a new security issue.

Equivalent openSUSE advisory:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EQXVEUIFIMFD6G5N2JBQ2A6XUYVZBCSY/
Ubuntu has issued an advisory for this today (February 28): https://ubuntu.com/security/notices/USN-5309-1
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution. (CVE-2022-0135)

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure. (CVE-2022-0175)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0175
https://lists.suse.com/pipermail/sle-security-updates/2022-January/010013.html
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LNFLD35UGUIRPTGF3HA3JP2MXLLHWPIX/
https://lists.suse.com/pipermail/sle-security-updates/2022-February/010243.html
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EQXVEUIFIMFD6G5N2JBQ2A6XUYVZBCSY/
https://ubuntu.com/security/notices/USN-5309-1
========================

Updated packages in core/updates_testing:
========================
lib(64)virglrenderer1-0.8.2-1.20200212git7d204f39.1.mga8
lib(64)virglrenderer-devel-0.8.2-1.20200212git7d204f39.1.mga8
virglrenderer-test-server-0.8.2-1.20200212git7d204f39.1.mga8

from SRPM:
virglrenderer-0.8.2-1.20200212git7d204f39.1.mga8.src.rpm
Status comment: Patches available from upstream and openSUSE => (none)
Version: Cauldron => 8
Status: NEW => ASSIGNED
CC: (none) => nicolas.salguero
Source RPM: virglrenderer-0.9.1-1.20210420git36391559.mga9.src.rpm => virglrenderer-0.8.2-1.20200212git7d204f39.mga8.src.rpm
CVE: (none) => CVE-2022-0135, CVE-2022-0175
Whiteboard: MGA8TOO => (none)
Assignee: thierry.vignaud => qa-bugs
Installed and tested without issues.

Tested with a Mageia 8 guest, using glxinfo, glmark2 and 3D games (e.g. warzone2100).

I usually use PCI pass-through with a Radeon RX 6500 XT so I don't have much experience with virgl, but in the tests I did it worked.

For some reason, virgl is limited to 60 FPS. See attached screen shot.

Host system: Mageia 8, x86_64, Plasma DE, AMD Ryzen 5 5600G with Radeon Graphics.

$ uname -a
Linux jupiter 5.19.16-desktop-1.mga8 #1 SMP PREEMPT_DYNAMIC Sat Oct 15 18:19:46 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

$ rpm -qa | grep virgl
lib64virglrenderer1-0.8.2-1.20200212git7d204f39.1.mga8

Guest system: QEMU/KVM, Mageia 8, x86_64, LXQt DE, virgl using the integrated GPU in the AMD Ryzen 5 5600G.

$ uname -a
Linux vm-jupiter-mageia-8 5.19.16-desktop-1.mga8 #1 SMP PREEMPT_DYNAMIC Sat Oct 15 18:19:46 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

$ glxinfo
name of display: :0
display: :0 screen: 0
direct rendering: Yes
server glx vendor string: SGI
server glx version string: 1.4
server glx extensions:
<SNIP>
client glx vendor string: Mesa Project and SGI
client glx version string: 1.4
<SNIP>
Extended renderer info (GLX_MESA_query_renderer):
    Vendor: Mesa/X.org (0x1af4)
    Device: virgl (0x1010)
    Version: 21.3.8
    Accelerated: yes
    Video memory: 0MB
    Unified memory: no
    Preferred profile: core (0x1)
    Max core profile version: 4.3
    Max compat profile version: 3.1
    Max GLES1 profile version: 1.1
    Max GLES[23] profile version: 3.1
OpenGL vendor string: Mesa/X.org
OpenGL renderer string: virgl
OpenGL core profile version string: 4.3 (Core Profile) Mesa 21.3.8
OpenGL core profile shading language version string: 4.30
OpenGL core profile context flags: (none)
OpenGL core profile profile mask: core profile
OpenGL core profile extensions:
<SNIP>
CC: (none) => mageia
Created attachment 13456
screen shot: guest Mageia 8 running glmark2; host running radeontop and htop
Many thanks for the test. Giving this an OK, and validating. Advisory in Comment 6.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: (none) => MGA8-64-OK
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0401.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED