Vulnerability CVE-2022-4172: Information
Description
An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
pve-qemu | sisyphus | 7.2.0-alt1 | 8.1.5-alt1 | ALT-PU-2023-1507-1 | 316507 | Fixed |
pve-qemu | p10 | 7.2.0-alt1 | 7.2.0-alt4 | ALT-PU-2023-1795-1 | 318466 | Fixed |
pve-qemu | c10f1 | 7.2.0-alt1 | 7.2.0-alt3 | ALT-PU-2023-1795-1 | 318466 | Fixed |
pve-qemu | p11 | 7.2.0-alt1 | 8.1.5-alt1 | ALT-PU-2023-1507-1 | 316507 | Fixed |
qemu | sisyphus | 7.1.0-alt1 | 8.2.3-alt1 | ALT-PU-2022-3083-1 | 310014 | Fixed |
qemu | sisyphus_riscv64 | 7.1.0-alt1 | 8.0.3-alt0.1.rv64 | ALT-PU-2022-7149-1 | - | Fixed |
qemu | p11 | 7.1.0-alt1 | 8.2.3-alt1 | ALT-PU-2022-3083-1 | 310014 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://gitlab.com/qemu-project/qemu/-/commit/defb7098 |
|
https://gitlab.com/qemu-project/qemu/-/issues/1268 |
|
https://security.netapp.com/advisory/ntap-20230127-0013/ |
|
https://lore.kernel.org/qemu-devel/20221024154233.1043347-1-lk%40c--e.de/ | |
FEDORA-2022-22b1f8dae2 |