qemu is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the integer overflow and buffer overflow in the read_erst_record
and write_erst_record
functions of ACPI Error Record Serialization Table (ERST) device, allowing an attacker to cause an application crash
gitlab.com/qemu-project/qemu/-/commit/defb7098
gitlab.com/qemu-project/qemu/-/issues/1268
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/
lists.fedoraproject.org/archives/list/[email protected]/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/
lore.kernel.org/qemu-devel/20221024154233.1043347-1-lk%40c--e.de/
lore.kernel.org/qemu-devel/[email protected]/
security-tracker.debian.org/tracker/CVE-2022-4172
security.netapp.com/advisory/ntap-20230127-0013/