Matthew Shao

#32822 of 53,633
7.8 Total CVSS
Vulnerabilities · 1
PT-2019-6317
7.8
2019-10-07
Qemu · Virglrenderer · CVE-2019-18389
**Name of the Vulnerable Software and Affected Versions**

Virglrenderer versions through 0.8.0

**Description**

A heap-based buffer overflow issue in the `vrend_renderer_transfer_write_iov` function allows guest OS users to cause a denial of service or achieve QEMU guest-to-host escape and code execution via `VIRGL_CCMD_RESOURCE_INLINE_WRITE` commands. This can potentially lead to unauthorized access to confidential data, disruption of data integrity, and service disruption.

**Recommendations**

For versions through 0.8.0, update to a version later than 0.8.0 to resolve the issue. As a temporary workaround, consider restricting the use of the `vrend_renderer_transfer_write_iov` function until a patch is available. Avoid using `VIRGL_CCMD_RESOURCE_INLINE_WRITE` commands in the affected API endpoint until the issue is resolved.