CVE-2022-2962

2022-09-1320:15:09

CWE-400

CWE-662

[email protected]

web.nvd.nist.gov

cve-2022-2962

nvd

qemu

tulip

dma

reentrancy

denial of service

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.8%

JSON

A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn’t check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

Affected configurations

Vulners

NVD

Node

qemuqemuRange≤7.2.0

VendorProductVersionCPE
qemuqemu*cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qemu	qemu	*	cpe:2.3:a:qemu:qemu::::::::

CNA Affected

[
  {
    "product": "QEMU",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Will be fixed in QEMU 7.2.0-rc0"
      }
    ]
  }
]