OpenCVE

An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Qemu	Qemu

Configuration 1 [-]

OR	cpe:2.3:a:qemu:qemu::::::::
	cpe:2.3:a:qemu:qemu:7.1.0:-::::::
	cpe:2.3:a:qemu:qemu:7.1.0:rc0::::::
	cpe:2.3:a:qemu:qemu:7.1.0:rc1::::::
	cpe:2.3:a:qemu:qemu:7.1.0:rc2::::::
	cpe:2.3:a:qemu:qemu:7.1.0:rc3::::::
	cpe:2.3:a:qemu:qemu:7.1.0:rc4::::::

No data.

References

Link	Providers
https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html
https://nvd.nist.gov/vuln/detail/CVE-2022-3872
https://security.netapp.com/advisory/ntap-20221215-0005/
https://www.cve.org/CVERecord?id=CVE-2022-3872

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-11-07T00:00:00

Updated: 2024-08-03T01:20:58.804Z

Reserved: 2022-11-07T00:00:00

Link: CVE-2022-3872

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-11-07T21:15:09.610

Modified: 2023-02-23T01:35:36.783

Link: CVE-2022-3872

Redhat

Severity : Moderate

Publid Date: 2022-11-07T00:00:00Z

Links: CVE-2022-3872 - Bugzilla

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CA070CC-24AA-4C01-9F0F-95510AAD1FEF", "versionEndExcluding": "7.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:7.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "0B7A9793-EF05-47C7-AD2B-608427BA997D", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:7.1.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "AF2A5D26-797F-4F48-B155-1369E5383A49", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:7.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "4CAFFA33-3500-4F26-BAA8-5E7361FAB5CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:7.1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "B01B61C5-2FF3-414E-BFC0-C6629703109E", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:7.1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "3FF10817-AE56-41F7-B9C6-EE1E77137858", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:7.1.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "E44179B6-664C-40AD-865F-7BB2FAD64C39", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition."}, {"lang": "es", "value": "Se encontr\u00f3 un problema de lectura/escritura de uno en uno en el dispositivo SDHCI de QEMU. Ocurre al leer/escribir el registro del Puerto de Datos del B\u00fafer en sdhci_read_dataport y sdhci_write_dataport, respectivamente, si data_count == block_size. Un invitado malintencionado podr\u00eda utilizar esta falla para bloquear el proceso QEMU en el host, lo que resultar\u00eda en una condici\u00f3n de denegaci\u00f3n de servicio."}], "id": "CVE-2022-3872", "lastModified": "2023-02-23T01:35:36.783", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-07T21:15:09.610", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20221215-0005/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-193"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank RivenDell, Siqi Chen, and ningqiang (Huawei) for reporting this issue.", "bugzilla": {"description": "QEMU: sdhci: buffer data port register off-by-one read/write", "id": "2140567", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140567"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-193", "details": ["An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.", "An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition."], "name": "CVE-2022-3872", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm-ma", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "virt:rhel/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Not affected", "package_name": "virt:8.2/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Not affected", "package_name": "virt:av/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Not affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}], "public_date": "2022-11-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-3872\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3872"], "statement": "This flaw does not affect the versions of `qemu-kvm` as shipped with Red Hat Enterprise Linux and RHEL Advanced Virtualization, as they do not include support for SDHCI device emulation.", "threat_severity": "Moderate"}