CVE-2022-4172 - OpenCVE

An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Fedora
Qemu	Qemu
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:qemu:qemu:7.0.0:-:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
qemu-kvm-17:7.2.0-14.el9_2	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:2162	2023-05-09T00:00:00Z

References

Link	Providers
https://gitlab.com/qemu-project/qemu/-/commit/defb7098
https://gitlab.com/qemu-project/qemu/-/issues/1268
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/
https://lore.kernel.org/qemu-devel/20221024154233.1043347-1-lk%40c--e.de/
https://nvd.nist.gov/vuln/detail/CVE-2022-4172
https://security.netapp.com/advisory/ntap-20230127-0013/
https://www.cve.org/CVERecord?id=CVE-2022-4172

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-11-29T00:00:00

Updated: 2024-08-03T01:34:48.810Z

Reserved: 2022-11-28T00:00:00

Link: CVE-2022-4172

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-11-29T18:15:10.623

Modified: 2023-11-07T03:57:08.283

Link: CVE-2022-4172

Redhat

Severity : Moderate

Publid Date: 2022-10-19T00:00:00Z

Links: CVE-2022-4172 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-4172", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-03T01:34:48.810Z", "dateReserved": "2022-11-28T00:00:00", "datePublished": "2022-11-29T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-01-27T00:00:00"}, "descriptions": [{"lang": "en", "value": "An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host."}], "affected": [{"vendor": "n/a", "product": "QEMU (ACPI ERST)", "versions": [{"version": "Affected: 7.0.0, Fixed: 7.2.0-rc0", "status": "affected"}]}], "references": [{"url": "https://lore.kernel.org/qemu-devel/20221024154233.1043347-1-lk%40c--e.de/"}, {"url": "https://gitlab.com/qemu-project/qemu/-/issues/1268"}, {"url": "https://gitlab.com/qemu-project/qemu/-/commit/defb7098"}, {"name": "FEDORA-2022-22b1f8dae2", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/"}, {"url": "https://security.netapp.com/advisory/ntap-20230127-0013/"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-120, CWE-190", "cweId": "CWE-120"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:34:48.810Z"}, "title": "CVE Program Container", "references": [{"url": "https://lore.kernel.org/qemu-devel/20221024154233.1043347-1-lk%40c--e.de/", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/qemu-project/qemu/-/issues/1268", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/qemu-project/qemu/-/commit/defb7098", "tags": ["x_transferred"]}, {"name": "FEDORA-2022-22b1f8dae2", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/"}, {"url": "https://security.netapp.com/advisory/ntap-20230127-0013/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:7.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "8F114FE7-3E39-4CEA-8CA7-E82E04B2BC51", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host."}, {"lang": "es", "value": "Se encontraron problemas de desbordamiento de enteros y desbordamiento de b\u00fafer en el dispositivo ACPI Error Record Serialization Table (ERST) de QEMU en las funciones read_erst_record() y write_erst_record(). Ambos problemas pueden permitir que el hu\u00e9sped sobrecargue el b\u00fafer del host asignado para el dispositivo de memoria ERST. Un invitado malintencionado podr\u00eda utilizar estos fallos para bloquear el proceso QEMU en el host."}], "id": "CVE-2022-4172", "lastModified": "2023-11-07T03:57:08.283", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-29T18:15:10.623", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://gitlab.com/qemu-project/qemu/-/commit/defb7098"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://gitlab.com/qemu-project/qemu/-/issues/1268"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/"}, {"source": "secalert@redhat.com", "url": "https://lore.kernel.org/qemu-devel/20221024154233.1043347-1-lk%40c--e.de/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20230127-0013/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:2162", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "qemu-kvm-17:7.2.0-14.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}], "bugzilla": {"description": "QEMU: ACPI ERST: memory corruption issues in read_erst_record and write_erst_record", "id": "2149105", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149105"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "status": "verified"}, "cwe": "(CWE-120|CWE-190)", "details": ["An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.", "An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host. Arbitrary code execution was deemed unlikely."], "name": "CVE-2022-4172", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm-ma", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "virt:rhel/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Not affected", "package_name": "virt:8.2/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Not affected", "package_name": "virt:av/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Not affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}], "public_date": "2022-10-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-4172\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-4172"], "statement": "Red Hat Enterprise Linux 6, 7, 8 and RHEL Advanced Virtualization are not affected by this CVE as they did not include support for ACPI ERST (introduced upstream in version 7.0.0).", "threat_severity": "Moderate", "upstream_fix": "qemu-kvm 7.2.0-rc0"}