CVE-2025-2509 Information

Description

Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description.

Reference

https://issues.chromium.org/issues/b/385851796 https://issuetracker.google.com/issues/385851796