Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2022-35414

Published: 11 July 2022

** DISPUTED ** softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use case are not considered security bugs at this time."

Notes

AuthorNote
mdeslaur
this CVE has been disputed, marking as not-affected

Priority

Medium

Cvss 3 Severity Score

8.8

Score breakdown

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
impish Ignored
(end of life)
jammy Not vulnerable

bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Not vulnerable
(code not present)
kinetic Not vulnerable

Patches:
upstream: https://github.com/qemu/qemu/commit/418ade7849ce7641c0f7333718caf5091a02fd4c

Severity score breakdown

Parameter Value
Base score 8.8
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Changed
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H