CVE-2022-4144
Published 2022-11-29
Medium · 6.5 · CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | qemu | < qemu 1:7.2+dfsg-1 (bookworm) | qemu 1:7.2+dfsg-1 (bookworm) |
| fedoraproject | extra_packages_for_enterprise_linux | — | — |
| fedoraproject | fedora | — | — |
| msrc | azl3_qemu_6.2.0-18_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_qemu_6.2.0-12_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_qemu-kvm_4.2.0-48_on_cbl_mariner_1.0 | — | — |
| qemu | qemu | <= 7.1.0 | — |
| qemu | qemu | >= 0 < 1:7.2+dfsg-1 | 1:7.2+dfsg-1 |
| qemu | qemu | >= 0 < 1:7.2+dfsg-1 | 1:7.2+dfsg-1 |
| qemu | qemu | >= 0 < 1:7.2+dfsg-1 | 1:7.2+dfsg-1 |
| qemu | qemu | >= 0 < 1:4.2-3ubuntu6.27 | 1:4.2-3ubuntu6.27 |
| qemu | qemu | >= 0 < 1:6.2+dfsg-2ubuntu6.11 | 1:6.2+dfsg-2ubuntu6.11 |
| qemu | qemu | >= 0 < 2.0.0+dfsg-2ubuntu1.47+esm3 | 2.0.0+dfsg-2ubuntu1.47+esm3 |
| qemu | qemu | >= 0 < 1:2.5+dfsg-5ubuntu10.51+esm2 | 1:2.5+dfsg-5ubuntu10.51+esm2 |
| qemu | qemu | >= 0 < 1:2.11+dfsg-1ubuntu7.42+esm1 | 1:2.11+dfsg-1ubuntu7.42+esm1 |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvd · v3.1 · 6.5 MEDIUM · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
osv · 8.8 HIGH
OSV
qemu vulnerabilities
osv·2023-06-19·CVSS 8.8
CVE-2022-1050 [HIGH] qemu vulnerabilities
It was discovered that QEMU did not properly manage the guest drivers when
shared buffers are not allocated. A malicious guest driver could use this
issue to cause QEMU to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu
22.04 LTS and Ubuntu 22.10. (CVE-2022-1050)
It was discovered that QEMU did not properly check the size of the
structure pointed to by the guest physical address pqxl. A malicious guest
attacker could use this issue to cause QEMU to crash, resulting in a denial
of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10.
(CVE-2022-4144)
It was discovered that QEMU did not properly manage mem
OSV
CVE-2022-4144: An out-of-bounds read flaw was found in the QXL display device emulation in QEMU
osv·2022-11-29·CVSS 6.5
CVE-2022-4144 [MEDIUM] CVE-2022-4144: An out-of-bounds read flaw was found in the QXL display device emulation in QEMU
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.
GHSA
GHSA-rc5v-q774-439g: An out-of-bounds read flaw was found in the QXL display device emulation in QEMU
ghsa_unreviewed·2022-11-29
CVE-2022-4144 [MEDIUM] CWE-125 GHSA-rc5v-q774-439g: An out-of-bounds read flaw was found in the QXL display device emulation in QEMU
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.
Ubuntu
QEMU vulnerabilities
vendor_ubuntu·2023-06-19·CVSS 8.8
CVE-2022-4172 [HIGH] QEMU vulnerabilities
Title: QEMU vulnerabilities
Summary: Several security issues were fixed in QEMU.
It was discovered that QEMU did not properly manage the guest drivers when
shared buffers are not allocated. A malicious guest driver could use this
issue to cause QEMU to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu
22.04 LTS and Ubuntu 22.10. (CVE-2022-1050)
It was discovered that QEMU did not properly check the size of the
structure pointed to by the guest physical address pqxl. A malicious guest
attacker could use this issue to cause QEMU to crash, resulting in a denial
of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10.
(CVE-2022-4
Red Hat
QEMU: QXL: qxl_phys2virt unsafe address translation can lead to out-of-bounds read
vendor_redhat·2022-11-25·CVSS 6.5
CVE-2022-4144 [MEDIUM] CWE-125 QEMU: QXL: qxl_phys2virt unsafe address translation can lead to out-of-bounds read
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest's physical address, potentially reading past the end of the bar space into adjacent pages. This could allow a malicious guest user to crash the QEMU proce
Microsoft
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address potenti
vendor_msrc·2022-11-08·CVSS 6.5
CVE-2022-4144 [MEDIUM] CWE-125 An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address potenti
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transpare
Debian
CVE-2022-4144: qemu - An out-of-bounds read flaw was found in the QXL display device emulation in QEMU...
vendor_debian·2022·CVSS 6.5
CVE-2022-4144 [MEDIUM] CVE-2022-4144: qemu - An out-of-bounds read flaw was found in the QXL display device emulation in QEMU...
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.
Scope: local
bookworm: resolved (fixed in 1:7.2+dfsg-1)
bullseye: open
forky: resolved (fixed in 1:7.2+dfsg-1)
sid: resolved (fixed in 1:7.2+dfsg-1)
trixie: resolved (fixed in 1:7.2+dfsg-1)
https://bugzilla.redhat.com/show_bug.cgi?id=2148506
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTVPHLLXJ65BUMFBUUZ35F3J632SLFRK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/
https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg04143.html
https://security.netapp.com/advisory/ntap-20230127-0012/
2022-11-29
Published