CBL Mariner 2.0 Security Update: qemu (CVE-2022-36648)

The version of qemu installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-36648 advisory. - The hardware emulation in the ofdpacmdaddl2flood of rocker device model in QEMU, as used in 7.0.0 and earlier,...

The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU as used in 7.0.0 and earlier allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third parties as not a valid vulnerability due to the rocker device not falling within the virtualization use case.

...

CVE-2022-36648

A NULL pointer dereference bug was found in the rocker device emulated ethernet switch of QEMU. The rockertlvparsenested function could return early because of no group ids in the grouptlvs array. In such case, the tlvs pointer is NULL and tlvsi + 1 in the next for-loop iteration ends up...

SUSE CVE-2022-36648

The hardware emulation in the ofdpacmdaddl2flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third...

CVE-2022-36648

The hardware emulation in the ofdpacmdaddl2flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third...

AZL-35162 CVE-2022-36648 affecting package qemu for versions less than 6.2.0-18

The hardware emulation in the ofdpacmdaddl2flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third...

CVE-2022-36648

The hardware emulation in the ofdpacmdaddl2flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third...

AZL-28069 CVE-2022-36648 affecting package qemu for versions less than 6.2.0-17

The hardware emulation in the ofdpacmdaddl2flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third...

CVE-2022-36648

The hardware emulation in the ofdpacmdaddl2flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third...

DEBIAN-CVE-2022-36648

The hardware emulation in the ofdpacmdaddl2flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third...

Design/Logic Flaw

The hardware emulation in the ofdpacmdaddl2flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS...

CVE-2022-36648

The hardware emulation in the ofdpacmdaddl2flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third...

QEMU 代码问题漏洞

QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. A code issue vulnerability exists in QEMU rocker device model 7.0.0 and earlier versions, which stems from a null pointer dereference issue in...

CVE-2022-36648

The CVE-2022-36648 entry concerns QEMU’s rocker device model, specifically the of_dpa_cmd_add_l2_flood path, in versions 7.0.0 and earlier. The vulnerability is described as allowing remote attackers to crash the host QEMU and potentially execute code on the host by executing a malformed program ...

CVE-2022-36648

The hardware emulation in the ofdpacmdaddl2flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third...

CVE-2022-36648

The hardware emulation in the ofdpacmdaddl2flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third...

PT-2023-4550 · Qemu +2 · Qemu +2

Name of the Vulnerable Software and Affected Versions: QEMU versions 7.0.0 and earlier Description: The issue is related to errors in pointer dereferencing in the of dpa cmd add l2 flood module of the QEMU hardware emulator. Exploitation of this issue may allow a remote attacker to cause a denial...