CVE-2022-0175

MEDIUM Year: 2022
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-909
View all →

Vulnerability Description

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.

Related Vulnerabilities

CVE-2017-0730

MEDIUM
CVSS:5.5(Medium)

A denial of service vulnerability in the Android media framework (h264 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36279112.

CWE-9092017

CVE-2018-9511

MEDIUM
CVSS:5.5(Medium)

In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. This could lead to local denial of service of IPsec on socket...

CWE-9092018

CVE-2020-0134

MEDIUM
CVSS:5.5(Medium)

In BnDrm::onTransact of IDrm.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. ...

CWE-9092020

CVE-2020-1419

MEDIUM
CVSS:5.5(Medium)

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique f...

CWE-9092020

CVE-2020-9227

MEDIUM
CVSS:5.5(Medium)

Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 have a missing initialization of resource vulnerability. An attacker tricks the user into installing then running a crafted applic...

CWE-9092020

CVE-2021-0484

MEDIUM
CVSS:5.5(Medium)

In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check. This could lead to local information disclosure with no additional execution privi...

CWE-9092021