Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-4144
HistoryNov 29, 2022 - 12:00 a.m.

CVE-2022-4144

2022-11-2900:00:00
ubuntu.com
ubuntu.com
12
cve-2022-4144
qemu
qxl display

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS

0

Percentile

14.2%

An out-of-bounds read flaw was found in the QXL display device emulation in
QEMU. The qxl_phys2virt() function does not check the size of the structure
pointed to by the guest physical address, potentially reading past the end
of the bar space into adjacent pages. A malicious guest user could use this
flaw to crash the QEMU process on the host causing a denial of service
condition.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchqemu< 1:2.11+dfsg-1ubuntu7.42+esm1UNKNOWN
ubuntu20.04noarchqemu< 1:4.2-3ubuntu6.27UNKNOWN
ubuntu22.04noarchqemu< 1:6.2+dfsg-2ubuntu6.11UNKNOWN
ubuntu22.10noarchqemu< 1:7.0+dfsg-7ubuntu2.6UNKNOWN
ubuntu14.04noarchqemu< 2.0.0+dfsg-2ubuntu1.47+esm3UNKNOWN
ubuntu16.04noarchqemu< 1:2.5+dfsg-5ubuntu10.51+esm2UNKNOWN

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS

0

Percentile

14.2%