CVE-2022-4144 — Out-of-bounds Read in Qemu

CWE-125 — Out-of-bounds Read10 documents9 sources

Severity

6.5MEDIUMNVD

OSV8.8

EPSS

0.0%

top 94.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Fedoraproject Extra Packages FOR Enterprise Linux Fedoraproject Fedora +1 more

Timeline

PublishedNov 29

Latest updateJun 19

Description

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages4 packages

▶Debianqemu/qemu< 1:7.2+dfsg-1+2

▶Ubuntuqemu/qemu< 1:4.2-3ubuntu6.27+4

▶NVDqemu/qemu7.1.0

▶NVDfedoraproject/extra_packages8.0

Also affects: Fedora 37, Enterprise Linux 8.0

Patches

Patch: bugzilla.redhat.com ↗Patch: lists.nongnu.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

qemu vulnerabilities↗2023-06-19

▶

OSV

CVE-2022-4144: An out-of-bounds read flaw was found in the QXL display device emulation in QEMU↗2022-11-29

▶

GHSA

GHSA-rc5v-q774-439g: An out-of-bounds read flaw was found in the QXL display device emulation in QEMU↗2022-11-29

▶

CVEList

CVE-2022-4144: An out-of-bounds read flaw was found in the QXL display device emulation in QEMU↗2022-11-29

▶

💥Exploits & PoCs

Nuclei

WordPress Fontsy <=1.8.6 - SQL Injection

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerabilities↗2023-06-19

▶

Red Hat

QEMU: QXL: qxl_phys2virt unsafe address translation can lead to out-of-bounds read↗2022-11-25

▶

Microsoft

▶

Debian

CVE-2022-4144: qemu - An out-of-bounds read flaw was found in the QXL display device emulation in QEMU...↗2022

▶