{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-4172", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-03T01:34:48.810Z", "dateReserved": "2022-11-28T00:00:00", "datePublished": "2022-11-29T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-01-27T00:00:00"}, "descriptions": [{"lang": "en", "value": "An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host."}], "affected": [{"vendor": "n/a", "product": "QEMU (ACPI ERST)", "versions": [{"version": "Affected: 7.0.0, Fixed: 7.2.0-rc0", "status": "affected"}]}], "references": [{"url": "https://lore.kernel.org/qemu-devel/20221024154233.1043347-1-lk%40c--e.de/"}, {"url": "https://gitlab.com/qemu-project/qemu/-/issues/1268"}, {"url": "https://gitlab.com/qemu-project/qemu/-/commit/defb7098"}, {"name": "FEDORA-2022-22b1f8dae2", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/"}, {"url": "https://security.netapp.com/advisory/ntap-20230127-0013/"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-120, CWE-190", "cweId": "CWE-120"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:34:48.810Z"}, "title": "CVE Program Container", "references": [{"url": "https://lore.kernel.org/qemu-devel/20221024154233.1043347-1-lk%40c--e.de/", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/qemu-project/qemu/-/issues/1268", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/qemu-project/qemu/-/commit/defb7098", "tags": ["x_transferred"]}, {"name": "FEDORA-2022-22b1f8dae2", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/"}, {"url": "https://security.netapp.com/advisory/ntap-20230127-0013/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:7.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "8F114FE7-3E39-4CEA-8CA7-E82E04B2BC51", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host."}, {"lang": "es", "value": "Se encontraron problemas de desbordamiento de enteros y desbordamiento de b\u00fafer en el dispositivo ACPI Error Record Serialization Table (ERST) de QEMU en las funciones read_erst_record() y write_erst_record(). Ambos problemas pueden permitir que el hu\u00e9sped sobrecargue el b\u00fafer del host asignado para el dispositivo de memoria ERST. Un invitado malintencionado podr\u00eda utilizar estos fallos para bloquear el proceso QEMU en el host."}], "id": "CVE-2022-4172", "lastModified": "2024-11-21T07:34:42.873", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-29T18:15:10.623", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://gitlab.com/qemu-project/qemu/-/commit/defb7098"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://gitlab.com/qemu-project/qemu/-/issues/1268"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/"}, {"source": "secalert@redhat.com", "url": "https://lore.kernel.org/qemu-devel/20221024154233.1043347-1-lk%40c--e.de/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20230127-0013/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://gitlab.com/qemu-project/qemu/-/commit/defb7098"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://gitlab.com/qemu-project/qemu/-/issues/1268"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lore.kernel.org/qemu-devel/20221024154233.1043347-1-lk%40c--e.de/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20230127-0013/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:2162", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "qemu-kvm-17:7.2.0-14.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}], "bugzilla": {"description": "QEMU: ACPI ERST: memory corruption issues in read_erst_record and write_erst_record", "id": "2149105", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149105"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "status": "verified"}, "cwe": "(CWE-120|CWE-190)", "details": ["An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.", "An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host. Arbitrary code execution was deemed unlikely."], "name": "CVE-2022-4172", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm-ma", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "virt:rhel/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Not affected", "package_name": "virt:8.2/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Not affected", "package_name": "virt:av/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Not affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}], "public_date": "2022-10-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-4172\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-4172"], "statement": "Red Hat Enterprise Linux 6, 7, 8 and RHEL Advanced Virtualization are not affected by this CVE as they did not include support for ACPI ERST (introduced upstream in version 7.0.0).", "threat_severity": "Moderate"}