10 matches found
CBL Mariner 2.0 Security Update: qemu (CVE-2022-36648)
The version of qemu installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-36648 advisory. - The hardware emulation in the ofdpacmdaddl2flood of rocker device model in QEMU, as used in 7.0.0 and earlier,...
The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU as used in 7.0.0 and earlier allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third parties as not a valid vulnerability due to the rocker device not falling within the virtualization use case.
...
CVE-2022-36648
A NULL pointer dereference bug was found in the rocker device emulated ethernet switch of QEMU. The rockertlvparsenested function could return early because of no group ids in the grouptlvs array. In such case, the tlvs pointer is NULL and tlvsi + 1 in the next for-loop iteration ends up...
CVE-2022-36648
The hardware emulation in the ofdpacmdaddl2flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third...
AZL-28069 CVE-2022-36648 affecting package qemu for versions less than 6.2.0-17
The hardware emulation in the ofdpacmdaddl2flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third...
AZL-35162 CVE-2022-36648 affecting package qemu for versions less than 6.2.0-18
The hardware emulation in the ofdpacmdaddl2flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third...
CVE-2022-36648
The hardware emulation in the ofdpacmdaddl2flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third...
Design/Logic Flaw
The hardware emulation in the ofdpacmdaddl2flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS...
CVE-2022-36648
The CVE-2022-36648 entry concerns QEMU’s rocker device model, specifically the of_dpa_cmd_add_l2_flood path, in versions 7.0.0 and earlier. The vulnerability is described as allowing remote attackers to crash the host QEMU and potentially execute code on the host by executing a malformed program ...
CVE-2022-36648
The hardware emulation in the ofdpacmdaddl2flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third...