CVE-2017-6355

Name of the Vulnerable Software and Affected Versions virglrenderer versions prior to 0.6.0

Description The issue is caused by an integer overflow in the vrend create shader function, which can be triggered by local guest OS users via crafted pkt length and offlen values. This results in an out-of-bounds access, leading to a denial of service (process crash).

Recommendations For versions prior to 0.6.0, update to version 0.6.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the vrend create shader function to minimize the risk of exploitation.