Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-0216

Опубликовано: 26 авг. 2022
Источник: debian
EPSS Низкий

Описание

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
qemufixed1:7.1+dfsg-1package
qemufixed1:5.2+dfsg-11+deb11u3bullseyepackage

Примечания

  • https://bugzilla.redhat.com/show_bug.cgi?id=2036953

  • https://starlabs.sg/advisories/22/22-0216/

  • https://gitlab.com/qemu-project/qemu/-/issues/972

  • https://gitlab.com/qemu-project/qemu/-/commit/6c8fa961da5e60f574bb52fd3ad44b1e9e8ad4b8 (v7.1.0-rc0)

  • https://gitlab.com/qemu-project/qemu/-/commit/4367a20cc442c56b05611b4224de9a61908f9eac (v7.1.0-rc0)

EPSS

Процентиль: 1%
0.00009
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2022-0216

CVSS3: 4.4
ubuntu
почти 3 года назад

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.

redhat логотип

CVE-2022-0216

CVSS3: 5.3
redhat
около 3 лет назад

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.

nvd логотип

CVE-2022-0216

CVSS3: 4.4
nvd
почти 3 года назад

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.

github логотип

GHSA-jr85-6g96-46pc

CVSS3: 4.4
github
почти 3 года назад

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.

oracle-oval логотип

ELSA-2022-9986

oracle-oval
больше 2 лет назад

ELSA-2022-9986: kvm_utils security update (IMPORTANT)

EPSS

Процентиль: 1%
0.00009
Низкий