CVE Vulnerability

CVE-2022-2962

A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

7.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://gitlab.com/qemu-project/qemu/-/commit/36a894aeb64a2e02871016da1c37d4a4ca109182 Patch Third Party Advisory
https://gitlab.com/qemu-project/qemu/-/issues/1171 Exploit Issue Tracking
Configurations

Configuration 1

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Information

Published : 2022-09-13 08:15

Updated : 2022-09-30 06:28

NVD link : CVE-2022-2962

Mitre link : CVE-2022-2962

Products Affected
No products.
CWE
CWE-787