CVE-2022-1050: Use After Free in QEMU

Severity: 8.8 HIGH (NVD)
EPSS: 0.0% (top 91.92%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 29; Latest update Jun 18

Description

A flaw was found in the QEMU implementation of VMware's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.0 | Impact: 6.0

Affected Packages (9 packages)

NVD: qemu/qemu < 2.20.1
debian: debian/qemu < qemu 1:7.1+dfsg-2 (bookworm)
Debian: qemu/qemu < 1:5.2+dfsg-11+deb11u3+3
Ubuntu: qemu/qemu < 1:4.2-3ubuntu6.27+4
CVEListV5: qemu/qemu qemu 2.20.1

Patches

🔴 Vulnerability Details (3)

OSV: qemu vulnerabilities (2023-06-19)
GHSA: GHSA-hgm4-v6hc-gqq9: Guest driver might execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition (2022-03-30)
OSV: CVE-2022-1050: A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device (2022-03-29)

📋 Vendor Advisories (5)

Red Hat: kernel: loop: Check for overflow while configuring loop (2025-06-18)
Ubuntu: QEMU vulnerabilities (2023-06-19)
Red Hat: QEMU: pvrdma: use-after-free issue in pvrdma_exec_cmd() (2022-03-21)
Microsoft: A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated potentially le (2022-03-08)
Debian: CVE-2022-1050: qemu - A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device.... (2022)