CVE-2022-36648

The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third parties as not a valid vulnerability due to the rocker device not falling within the virtualization use case.
Configurations

Configuration 1 (hide)

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:13

Type Values Removed Values Added
References () https://lists.nongnu.org/archive/html/qemu-devel/2022-06/msg04469.html - Mailing List, Patch () https://lists.nongnu.org/archive/html/qemu-devel/2022-06/msg04469.html - Mailing List, Patch
References () https://security.netapp.com/advisory/ntap-20231006-0004/ - () https://security.netapp.com/advisory/ntap-20231006-0004/ -

14 May 2024, 11:08

Type Values Removed Values Added
Summary
  • (es) La emulación de hardware en el of_dpa_cmd_add_l2_flood del modelo de dispositivo rocker en QEMU, tal y como se utiliza en versiones 7.0.0 y anteriores, permite a atacantes remotos bloquear al host qemu y potencialmente ejecutar código en el host a través de ejecutar un programa malformado en el SO invitado.
Summary (en) The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. (en) The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third parties as not a valid vulnerability due to the rocker device not falling within the virtualization use case.

Information

Published : 2023-08-22 19:16

Updated : 2024-11-21 07:13


NVD link : CVE-2022-36648

Mitre link : CVE-2022-36648

CVE.ORG link : CVE-2022-36648


JSON object : View

Products Affected

qemu

  • qemu
CWE
CWE-476

NULL Pointer Dereference