CVE-2022-0216: Use After Free in Qemu

CWE-416: Use After Free | 8 documents | 7 sources
Severity
NVD: 4.4 MEDIUM
OSV: 8.5
EPSS: 0.0% (top 93.93%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Aug 26
Latest update: Dec 12

Description

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Exploitability: 0.8 | Impact: 3.6

Affected Packages (6 packages)

NVD: qemu/qemu < 6.0.0
debian: debian/qemu < qemu 1:7.1+dfsg-1 (bookworm)
Debian: qemu/qemu < 1:5.2+dfsg-11+deb11u3+3
Ubuntu: qemu/qemu < 1:2.11+dfsg-1ubuntu7.41+4
CVEListV5: qemu/qemu, Affects QEMU < v6.0.0, Fixed in v7.1.0-rc0

Also affects: Fedora 37

Patches

🔴 Vulnerability Details (3)

OSV: qemu vulnerabilities (2022-12-12)
GHSA: GHSA-jr85-6g96-46pc: A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU (2022-08-27)
OSV: CVE-2022-0216: A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU (2022-08-26)

📋 Vendor Advisories (4)

Ubuntu: QEMU vulnerabilities (2022-12-12)
Microsoft: A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do (2022-08-09)
Red Hat: QEMU: use-after-free in lsi_do_msgout function in hw/scsi/lsi53c895a.c (2022-03-28)
Debian: CVE-2022-0216: qemu - A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter... (2022)