Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-0216

Опубликовано: 28 мар. 2022
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.

Отчет

The qemu-kvm package versions as shipped with Red Hat Enterprise Linux and RHEL Advanced Virtualization are not affected by this issue, as they are not built with LSI53C895A support.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvm-maNot affected
Red Hat Enterprise Linux 8virt:rhel/qemu-kvmNot affected
Red Hat Enterprise Linux 8 Advanced Virtualizationvirt:8.2/qemu-kvmNot affected
Red Hat Enterprise Linux 8 Advanced Virtualizationvirt:av/qemu-kvmNot affected
Red Hat Enterprise Linux 9qemu-kvmNot affected
Red Hat OpenStack Platform 10 (Newton)qemu-kvm-rhevNot affected
Red Hat OpenStack Platform 13 (Queens)qemu-kvm-rhevNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2036953QEMU: use-after-free in lsi_do_msgout function in hw/scsi/lsi53c895a.c

EPSS

Процентиль: 1%
0.00012
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-0216

CVSS3: 4.4
ubuntu
около 3 лет назад

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.

nvd логотип

CVE-2022-0216

CVSS3: 4.4
nvd
около 3 лет назад

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.

msrc логотип

CVE-2022-0216

CVSS3: 4.4
msrc
около 2 месяцев назад

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.

debian логотип

CVE-2022-0216

CVSS3: 4.4
debian
около 3 лет назад

A use-after-free vulnerability was found in the LSI53C895A SCSI Host B ...

github логотип

GHSA-jr85-6g96-46pc

CVSS3: 4.4
github
около 3 лет назад

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.

EPSS

Процентиль: 1%
0.00012
Низкий

5.3 Medium

CVSS3