7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0005 Low
EPSS
Percentile
17.8%
A DMA reentrancy issue was found in the Tulip device emulation in QEMU.
When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx
frame, it doesn’t check whether the destination address is its own MMIO
address. This can cause the device to trigger MMIO handlers multiple times,
possibly leading to a stack or heap overflow. A malicious guest could use
this flaw to crash the QEMU process on the host, resulting in a denial of
service condition.
launchpad.net/bugs/cve/CVE-2022-2962
lists.nongnu.org/archive/html/qemu-devel/2022-08/msg03033.html
lore.kernel.org/qemu-devel/[email protected]/
nvd.nist.gov/vuln/detail/CVE-2022-2962
security-tracker.debian.org/tracker/CVE-2022-2962
ubuntu.com/security/notices/USN-5772-1
www.cve.org/CVERecord?id=CVE-2022-2962