CVE-2025-2509

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-2509
Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://issues.chromium.org/issues/b/385851796
https://issuetracker.google.com/issues/385851796
Configurations

No configuration.

History

06 May 2025, 14:15

Type Values Removed Values Added
CWE CWE-125
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
Summary
  • (es) La lectura fuera de los límites en Virglrenderer en ChromeOS 16093.57.0 permite que una VM invitada maliciosa logre acceso a una dirección arbitraria dentro del proceso aislado crosvm, lo que potencialmente conduce a un escape de la VM a través de datos de elementos de vértice manipulados que desencadenan una lectura fuera de los límites en util_format_description.

06 May 2025, 01:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-06 01:15

Updated : 2025-05-07 14:13

NVD link : CVE-2025-2509

Mitre link : CVE-2025-2509

CVE.ORG link : CVE-2025-2509

JSON object : View

Products Affected

No product.

CWE
CWE-125

Out-of-bounds Read