CVE-2022-4172

Exploit

EPSS 0.03%
Published 29.11.2022 18:15:10
Last modified 14.04.2025 18:15:25
Source secalert@redhat.com
Teams watchlist Login
Open Login

An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Qemu ≫ Qemu Version7.0.0 Update-

Fedoraproject ≫ Fedora Version37

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.057

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2	4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2	4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/

https://gitlab.com/qemu-project/qemu/-/commit/defb7098

Patch

Third Party Advisory

https://gitlab.com/qemu-project/qemu/-/issues/1268

Third Party Advisory

Exploit

Issue Tracking

https://lore.kernel.org/qemu-devel/20221024154233.1043347-1-lk%40c--e.de/

https://security.netapp.com/advisory/ntap-20230127-0013/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-4172

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-4172

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-4172

EUVD