Lucene search

K

[email protected]NVD:CVE-2022-4144

HistoryNov 29, 2022 - 6:15 p.m.

CVE-2022-4144

2022-11-2918:15:10

CWE-125

[email protected]

web.nvd.nist.gov

1

qxl

display device

qemu

out-of-bounds read

denial of service

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

14.4%

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.

Affected configurations

NVD

Node

qemuqemuRange≤7.1.0

Node

fedoraprojectextra_packages_for_enterprise_linuxMatch8.0

OR

fedoraprojectfedoraMatch37

Node

redhatenterprise_linuxMatch8.0

References

bugzilla.redhat.com/show_bug.cgi?id=2148506

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTVPHLLXJ65BUMFBUUZ35F3J632SLFRK/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/

lists.nongnu.org/archive/html/qemu-devel/2022-11/msg04143.html

security.netapp.com/advisory/ntap-20230127-0012/

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

14.4%

Related for NVD:CVE-2022-4144

nessus31 osv4 cbl_mariner3 openvas18 oraclelinux4 veracode1 prion1 redhat2 debiancve1 cvelist1 redhatcve1 alpinelinux1 cve1 almalinux1 rocky1 ubuntucve1 fedora2 ubuntu1 redos1 amazon1