CVE-2022-3872: Off-by-one Error in QEMU

Severity: 8.6 HIGH (NVD)
EPSS: 0.1% (top 76.32%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 7; latest update Nov 8

Description

An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 4.0

Affected Packages (13 packages)

NVD: qemu/qemu < 7.1.0 (+1)
CVEListV5: qemu/qemu, affected: up to latest v7.1.0-rc4
debian: debian/qemu

Patches

Vulnerability Details (3)

GHSA: GHSA-px5j-xw79-w7p8: An off-by-one read/write issue was found in the SDHCI device of QEMU (2022-11-08)
OSV: CVE-2022-3872: An off-by-one read/write issue was found in the SDHCI device of QEMU (2022-11-07)
GHSA: Duplicate Advisory: Command injection in Weblate (2022-03-05)

Vendor Advisories (3)

Microsoft: An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport respectively if data_ (2022-11-08)
Red Hat: QEMU: sdhci: buffer data port register off-by-one read/write (2022-11-07)
Debian: CVE-2022-3872: qemu - An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs ... (2022)