An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2022-11-29T00:00:00
Updated: 2024-08-03T01:34:48.810Z
Reserved: 2022-11-28T00:00:00
Link: CVE-2022-4172
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-11-29T18:15:10.623
Modified: 2024-11-21T07:34:42.873
Link: CVE-2022-4172
Redhat