Lucene search
RedhatCVELIST:CVE-2022-2962HistorySep 13, 2022 - 7:18 p.m.
CVE-2022-2962
2022-09-1319:18:14
CWE-400
redhat
www.cve.org
2
cve-2022-2962
qemu
tulip device
dma reentrancy
mmio address
stack overflow
heap overflow
denial of service
A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn’t check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
CNA Affected
[
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Will be fixed in QEMU 7.2.0-rc0"
}
]
}
]Related
osv
osv
CVE-2022-2962
2022-09-13 20:15:09
qemu vulnerabilities
2022-12-12 06:51:06
cbl_mariner
cbl_mariner
CVE-2022-2962 affecting package qemu for versions less than 6.2.0-13
2023-01-17 16:47:04
CVE-2022-2962 affecting package qemu for versions less than 6.2.0-18
2024-03-19 17:21:46
CVE-2022-2962 affecting package qemu-kvm 4.2.0-43
2023-01-12 20:55:00
cve
cve
CVE-2022-2962
2022-09-13 20:15:09
nvd
nvd
CVE-2022-2962
2022-09-13 20:15:09
redhatcve
redhatcve
CVE-2022-2962
2022-08-23 13:10:01
ubuntucve
ubuntucve
CVE-2022-2962
2022-09-13 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-09-18 01:10:34
alpinelinux
alpinelinux
CVE-2022-2962
2022-09-13 20:15:09
debiancve
debiancve
CVE-2022-2962
2022-09-13 20:15:09
prion
prion
Design/Logic Flaw
2022-09-13 20:15:00
openvas
openvas
Ubuntu: Security Advisory (USN-5772-1)
2022-12-13 00:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2022-12-12 00:00:00
nessus
nessus