{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-36648", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-10-03T17:29:51.199Z", "dateReserved": "2022-07-25T00:00:00", "datePublished": "2023-08-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-13T22:21:08.483057"}, "descriptions": [{"lang": "en", "value": "The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third parties as not a valid vulnerability due to the rocker device not falling within the virtualization use case."}], "tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-06/msg04469.html"}, {"url": "https://security.netapp.com/advisory/ntap-20231006-0004/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:07:34.533Z"}, "title": "CVE Program Container", "references": [{"url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-06/msg04469.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20231006-0004/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-03T17:28:53.375328Z", "id": "CVE-2022-36648", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-03T17:29:51.199Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-06/msg04469.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20231006-0004/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:07:34.533Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-36648", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-03T17:28:53.375328Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-03T17:29:07.555Z"}}], "cna": {"tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-06/msg04469.html"}, {"url": "https://security.netapp.com/advisory/ntap-20231006-0004/"}], "descriptions": [{"lang": "en", "value": "The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third parties as not a valid vulnerability due to the rocker device not falling within the virtualization use case."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-13T22:21:08.483057"}}}, "cveMetadata": {"cveId": "CVE-2022-36648", "state": "PUBLISHED", "dateUpdated": "2024-10-03T17:29:51.199Z", "dateReserved": "2022-07-25T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-08-22T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "1DF0ABE8-A09F-4971-B133-1996011C65F7", "versionEndIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third parties as not a valid vulnerability due to the rocker device not falling within the virtualization use case."}, {"lang": "es", "value": "La emulaci\u00f3n de hardware en el of_dpa_cmd_add_l2_flood del modelo de dispositivo rocker en QEMU, tal y como se utiliza en versiones 7.0.0 y anteriores, permite a atacantes remotos bloquear al host qemu y potencialmente ejecutar c\u00f3digo en el host a trav\u00e9s de ejecutar un programa malformado en el SO invitado."}], "id": "CVE-2022-36648", "lastModified": "2024-08-03T10:15:50.250", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-22T19:16:23.293", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch"], "url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-06/msg04469.html"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20231006-0004/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "QEMU: rocker: NULL pointer dereference in of_dpa_cmd_add_l2_flood()", "id": "2256592", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256592"}, "csaw": false, "cvss3": {"cvss3_base_score": "0.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "status": "draft"}, "cwe": "CWE-476", "details": ["The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third parties as not a valid vulnerability due to the rocker device not falling within the virtualization use case.", "A NULL pointer dereference bug was found in the rocker device (emulated ethernet switch) of QEMU. The rocker_tlv_parse_nested() function could return early because of no group ids in the group_tlvs array. In such case, the tlvs pointer is NULL and tlvs[i + 1] in the next for-loop iteration ends up dereferencing a NULL pointer."], "name": "CVE-2022-36648", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm-ma", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "virt:rhel/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Not affected", "package_name": "virt:av/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-08-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-36648\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-36648\nhttps://gitlab.com/qemu-project/qemu/-/issues/1851\nhttps://lists.nongnu.org/archive/html/qemu-devel/2023-08/msg04621.html"], "statement": "Red Hat Enterprise Linux and RHEL Advanced Virtualization are not affected by this bug, as the rocker device is not built and shipped with Red Hat `qemu-kvm` packages. Also, according to the QEMU upstream security guidelines [1] Red Hat Product Security does not consider this to be a vulnerability because it does not fall under the Virtualization Use Case; the rocker device is mainly used in development environments where the guest is assumed to be trusted.\n[1] https://www.qemu.org/docs/master/system/security.html"}