Unrated severity · NVD Advisory · Published May 6, 2025 · Updated Feb 26, 2026
CVE-2025-2509
Description
Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description.
Affected products (8)
- Range: 16093.57.0
- osv-coords (6 versions), range: >= 0
  - pkg:deb/ubuntu/virglrenderer@0.6.0-2?arch=source&distro=esm-apps/bionic
  - pkg:deb/ubuntu/virglrenderer@0.8.2-1ubuntu1.1?arch=source&distro=focal
  - pkg:deb/ubuntu/virglrenderer@0.9.1-1~exp1ubuntu2?arch=source&distro=jammy
  - pkg:deb/ubuntu/virglrenderer@1.0.0-1ubuntu2?arch=source&distro=noble
  - pkg:deb/ubuntu/virglrenderer@1.0.0-1ubuntu2?arch=source&distro=oracular
  - pkg:deb/ubuntu/virglrenderer@1.1.0-2?arch=source&distro=plucky
- (no CPE) range: >= 0
- (no CPE) range: >= 0
- (no CPE) range: >= 0
- (no CPE) range: >= 0
- (no CPE) range: >= 0
- (no CPE) range: >= 0