Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2022-4144

Published: 29 November 2022

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

jammy Needs triage

kinetic Needs triage

trusty Needs triage

upstream Needs triage

xenial Needs triage