Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-3872

An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

Published

2022-11-07T21:15:09.610

Last Modified

2025-05-05T21:15:46.473

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.6 (HIGH)

Weaknesses

Type: Primary
CWE-193

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	qemu	qemu	< 7.1.0	Yes
Application	qemu	qemu	7.1.0	Yes
Application	qemu	qemu	7.1.0	Yes
Application	qemu	qemu	7.1.0	Yes
Application	qemu	qemu	7.1.0	Yes
Application	qemu	qemu	7.1.0	Yes
Application	qemu	qemu	7.1.0	Yes

References

https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html Mailing List, Patch, Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20221215-0005/ Third Party Advisory ([email protected])
https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html Mailing List, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20221215-0005/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)