CVSS: 8.6EPSS: 0%CPEs: 7EXPL: 0CVE-2022-3872
https://notcve.org/view.php?id=CVE-2022-3872
An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. Se encontró un problema de lectura/escritura de uno en uno en el dispositivo SDHCI de QEMU. Ocurre al leer/escribir el registro del Puerto de Datos del Búfer en sdhci_read_dataport y sdhci_write_dataport, respectivamente, si data_count == block_size. • https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html https://security.netapp.com/advisory/ntap-20221215-0005 • CWE-193: Off-by-one Error •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3165 – QEMU: VNC: integer underflow in vnc_client_cut_text_ext leads to CPU exhaustion
https://notcve.org/view.php?id=CVE-2022-3165
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service. Se ha encontrado un problema de desbordamiento de enteros en el servidor VNC de QEMU mientras son procesados mensajes ClientCutText en el formato extendido. Un cliente malicioso podría usar este fallo para hacer que QEMU no responda mediante el envío de un mensaje de carga útil especialmente diseñado, resultando en una denegación de servicio An integer underflow issue was found in the QEMU built-in VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service. • https://gitlab.com/qemu-project/qemu/-/commit/d307040b18 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I36LKZA7Z65J3LJU2P37LVTWDFTXBMPU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTY7TVHX62OJWF6IOBCIGLR2N5K4QN3E https://security.netapp.com/advisory/ntap-20221223-0006 https://access.redhat.com/security/cve/CVE-2022-3165 https://bugzilla.redhat.com/show_bug.cgi?id=2129739 • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2962
https://notcve.org/view.php?id=CVE-2022-2962
A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. Se encontró un problema de reentrada DMA en la emulación del dispositivo Tulip en QEMU. • https://gitlab.com/qemu-project/qemu/-/commit/36a894aeb64a2e02871016da1c37d4a4ca109182 https://gitlab.com/qemu-project/qemu/-/issues/1171 • CWE-400: Uncontrolled Resource Consumption CWE-662: Improper Synchronization •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-35414
https://notcve.org/view.php?id=CVE-2022-35414
softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use case are not considered security bugs at this time. ** EN DISPUTA ** El archivo softmmu/physmem.c en QEMU versiones hasta 7.0.0, puede llevar a cabo una lectura no inicializada en la ruta translate_fail, conllevando a un bloqueo io_readx o io_writex. NOTA: un tercero afirma que el caso de uso de no virtualización en la referencia de qemu.org se aplica aquí, es decir, "Los errores que afectan al caso de uso de no virtualización no se consideran errores de seguridad en este momento" • https://github.com/qemu/qemu/blob/f200ff158d5abcb974a6b597a962b6b2fbea2b06/softmmu/physmem.c https://github.com/qemu/qemu/blob/v7.0.0/include/exec/cpu-all.h#L145-L148 https://github.com/qemu/qemu/commit/3517fb726741c109cae7995f9ea46f0cab6187d6#diff-83c563ed6330dc5d49876f1116e7518b5c16654bbc6e9b4ea8e28f5833d576fcR482 https://github.com/qemu/qemu/commit/3517fb726741c109cae7995f9ea46f0cab6187d6#diff-83c563ed6330dc5d49876f1116e7518b5c16654bbc6e9b4ea8e28f5833d576fcR482.aa https://github.com/qemu/qemu/commit/418ade7849ce7641c0f7333718caf5091a02fd4c https://gitlab.com/qemu-project/qemu • CWE-908: Use of Uninitialized Resource •