CVE-2025-2509 | THREATINT

Description

Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description.

PUBLISHED Reserved 2025-03-18 | Published 2025-05-06 | Updated 2026-02-26 | Assigner ChromeOS

Problem types

Memory Corruption

Product status

16093.57.0 (custom) before 16093.57.0

affected

References

issuetracker.google.com/issues/385851796

issues.chromium.org/issues/b/385851796

cve.org (CVE-2025-2509)

nvd.nist.gov (CVE-2025-2509)

Download JSON