{ "id": "CVE-2022-4144", "sourceIdentifier": "secalert@redhat.com", "published": "2022-11-29T18:15:10.550", "lastModified": "2023-03-29T18:05:58.257", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.0, "impactScore": 4.0 } ] }, "weaknesses": [ { "source": "secalert@redhat.com", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-125" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "versionEndIncluding": "7.1.0", "matchCriteriaId": "663BBD2C-0026-4052-B094-CC1FFB3923E4" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62" }, { "vulnerable": true, "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" } ] } ] } ], "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148506", "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTVPHLLXJ65BUMFBUUZ35F3J632SLFRK/", "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/", "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg04143.html", "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url": "https://security.netapp.com/advisory/ntap-20230127-0012/", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] } ] }