PT-2022-7593 · Qemu+6 · Qemu+6

Alexander Bulekov

Published

2022-10-21

Updated

2024-06-15

CVE-2022-4172

CVSS v3.1

6.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions QEMU (affected versions not specified)

Description An integer overflow and buffer overflow issue were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read erst record() and write erst record() functions. These issues may allow a malicious guest to overrun the host buffer allocated for the ERST memory device, potentially crashing the QEMU process on the host.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

ALSA-2023:2162

ALT-PU-2022-3083

ALT-PU-2023-1507

ALT-PU-2023-1795

BDU:2024-07351

CVE-2022-4172

OPENSUSE-SU-2024:12685-1

RHSA-2023:2162

RHSA-2023_2162

USN-6167-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Linuxmint

Qemu

Red Hat

Ubuntu

PT-2022-7593 · Qemu+6 · Qemu+6

CVE-2022-4172

Weakness Enumeration

Related Identifiers

Affected Products

References · 44