Lucene search

K

[email protected]NVD:CVE-2022-4172

HistoryNov 29, 2022 - 6:15 p.m.

CVE-2022-4172

2022-11-2918:15:10

CWE-120

[email protected]

web.nvd.nist.gov

integer overflow

buffer overflow

qemu

acpi

erst

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

19.0%

An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.

Affected configurations

NVD

Node

qemuqemuMatch7.0.0-

Node

fedoraprojectfedoraMatch37

References

gitlab.com/qemu-project/qemu/-/commit/defb7098

gitlab.com/qemu-project/qemu/-/issues/1268

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/

lore.kernel.org/qemu-devel/20221024154233.1043347-1-lk%40c--e.de/

security.netapp.com/advisory/ntap-20230127-0013/

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

19.0%

Related for NVD:CVE-2022-4172

redhatcve1 cvelist1 veracode1 nessus9 debiancve1 ubuntucve1 cve1 osv3 prion1 cnvd1 redhat2 oraclelinux4 almalinux1 ubuntu1 openvas2 fedora1