CVE-2022-2962

Name
CVE-2022-2962
Description
A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://gitlab.com/qemu-project/qemu/-/commit/36a894aeb64a2e02871016da1c37d4a4ca109182
MISC https://gitlab.com/qemu-project/qemu/-/issues/1171

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* qemu >= None <= 7.1.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
qemu edge-community 7.1.0-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
qemu 3.16-community 7.0.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable