An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.
References
Link | Resource |
---|---|
https://gitlab.com/qemu-project/qemu/-/commit/defb7098 | Patch Third Party Advisory |
https://gitlab.com/qemu-project/qemu/-/issues/1268 | Exploit Issue Tracking Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/ | |
https://lore.kernel.org/qemu-devel/20221024154233.1043347-1-lk%40c--e.de/ | |
https://security.netapp.com/advisory/ntap-20230127-0013/ | Third Party Advisory |
Configurations
History
07 Nov 2023, 03:57
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CWE |
01 Feb 2023, 16:02
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20230127-0013/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/ - Mailing List, Third Party Advisory | |
First Time |
Fedoraproject
Fedoraproject fedora |
27 Jan 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Dec 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Dec 2022, 21:40
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://gitlab.com/qemu-project/qemu/-/commit/defb7098 - Patch, Third Party Advisory | |
References | (MISC) https://gitlab.com/qemu-project/qemu/-/issues/1268 - Exploit, Issue Tracking, Third Party Advisory | |
References | (MISC) https://lore.kernel.org/qemu-devel/20221024154233.1043347-1-lk@c--e.de/ - Patch, Vendor Advisory | |
CPE | cpe:2.3:a:qemu:qemu:7.0.0:-:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
First Time |
Qemu
Qemu qemu |
29 Nov 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-29 18:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-4172
Mitre link : CVE-2022-4172
CVE.ORG link : CVE-2022-4172
JSON object : View
Products Affected
qemu
- qemu
fedoraproject
- fedora
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')