VYPR
Unrated severityNVD Advisory· Published May 6, 2025· Updated Feb 26, 2026

CVE-2025-2509

CVE-2025-2509

Description

Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description.

Affected products

8

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.