CVE-2022-2962

2022-09-1320:15:09

Alpine Linux Development Team

security.alpinelinux.org

cve-2022-2962

qemu

tulip

dma reentrancy

denial of service

mmio

stack overflow

heap overflow

malicious guest

unix

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.8%

JSON

A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn’t check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchqemu< 7.1.0-r4UNKNOWN
Alpine3.17-communitynoarchqemu< 7.1.0-r4UNKNOWN
Alpine3.18-communitynoarchqemu< 7.1.0-r4UNKNOWN
Alpine3.19-communitynoarchqemu< 7.1.0-r4UNKNOWN
Alpine3.20-communitynoarchqemu< 7.1.0-r4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-community	noarch	qemu	< 7.1.0-r4	UNKNOWN
Alpine	3.17-community	noarch	qemu	< 7.1.0-r4	UNKNOWN
Alpine	3.18-community	noarch	qemu	< 7.1.0-r4	UNKNOWN
Alpine	3.19-community	noarch	qemu	< 7.1.0-r4	UNKNOWN
Alpine	3.20-community	noarch	qemu	< 7.1.0-r4	UNKNOWN