CVE-2022-2962
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
Se encontró un problema de reentrada DMA en la emulación del dispositivo Tulip en QEMU. Cuando Tulip lee o escribe en el descriptor rx/tx o copia la trama rx/tx, no comprueba si la dirección de destino es su propia dirección MMIO. Esto puede causar a el dispositivo disparar los manejadores MMIO múltiples veces, posiblemente conllevando a un desbordamiento de la pila (stack, heap). Un huésped malicioso podría usar este fallo para bloquear el proceso QEMU en el host, resultando en una condición de denegación de servicio
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2022-08-23 CVE Reserved
- 2022-09-13 CVE Published
- 2024-04-05 EPSS Updated
- 2024-08-22 CVE Updated
- 2024-08-22 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-662: Improper Synchronization
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://gitlab.com/qemu-project/qemu/-/issues/1171 | 2024-08-22 |
URL | Date | SRC |
---|---|---|
https://gitlab.com/qemu-project/qemu/-/commit/36a894aeb64a2e02871016da1c37d4a4ca109182 | 2023-06-28 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | >= 4.2.0 <= 7.1.0 Search vendor "Qemu" for product "Qemu" and version " >= 4.2.0 <= 7.1.0" | - |
Affected
|