PT-2022-7293 · Qemu+11 · Qemu+11

Awxylitol

Published

2022-11-29

Updated

2024-06-15

CVE-2022-4144

CVSS v3.1

6.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions QEMU (affected versions not specified)

Description An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host, causing a denial of service condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2023:0099

ALT-PU-2022-3429

ALT-PU-2023-1830

ALT-PU-2023-1869

AZL-11522

AZL-35164

BDU:2024-02426

CESA-2023_0099

CVE-2022-4144

OESA-2022-2136

OPENSUSE-SU-2024:12685-1

RHSA-2023:0099

RHSA-2023:0432

RHSA-2023_0099

RLSA-2023:0099

SUSE-SU-2023:0671-1

SUSE-SU-2023:0761-1

SUSE-SU-2023:0840-1

SUSE-SU-2023:0877-1

SUSE-SU-2023:0878-1

SUSE-SU-2023_0877-1

USN-6167-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Debian

Linuxmint

Qemu

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2022-7293 · Qemu+11 · Qemu+11

CVE-2022-4144

Weakness Enumeration

Related Identifiers

Affected Products

References · 86