CVE-2022-4144

CVSS V2: None
CVSS V3: None
Description
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the BAR space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host, causing a denial of service condition.
Overview
  • CVE ID: CVE-2022-4144
  • Assigner: secalert@redhat.com
  • Vulnerability Status: Analyzed
  • Published Version: 2022-11-29T18:15:10
  • Last Modified Date: 2023-03-29T18:05:58
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* 1 OR 7.1.0
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* 1 OR
History
Created Old Value New Value Data Type Notes
2022-12-07 18:05:30 Added to TrackCVE
2022-12-14 05:14:14 2022-11-29T18:15:10.550 2022-11-29T18:15:10 CVE Published Date updated
2022-12-14 05:14:14 2022-12-14T04:15:10 CVE Modified Date updated
2022-12-14 05:14:14 Analyzed Modified Vulnerability Status updated
2022-12-14 05:14:15 References updated
2022-12-19 04:28:21 Modified Undergoing Analysis Vulnerability Status updated
2023-01-10 20:25:44 2023-01-10T19:44:01 CVE Modified Date updated
2023-01-10 20:25:44 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-19 16:15:00 2023-01-19T15:15:13 CVE Modified Date updated
2023-01-19 16:15:00 Analyzed Modified Vulnerability Status updated
2023-01-19 16:15:00 References updated
2023-01-19 19:12:55 Modified Undergoing Analysis Vulnerability Status updated
2023-01-27 21:13:55 2023-01-27T20:15:14 CVE Modified Date updated
2023-01-27 21:13:57 References updated
2023-03-31 06:16:01 2023-03-29T18:05:58 CVE Modified Date updated
2023-03-31 06:16:01 Undergoing Analysis Analyzed Vulnerability Status updated