Описание
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | 1:7.2+dfsg-5ubuntu2 |
| esm-infra-legacy/trusty | released | 2.0.0+dfsg-2ubuntu1.47+esm3 |
| esm-infra/bionic | released | 1:2.11+dfsg-1ubuntu7.42+esm1 |
| esm-infra/focal | released | 1:4.2-3ubuntu6.27 |
| esm-infra/xenial | released | 1:2.5+dfsg-5ubuntu10.51+esm2 |
| focal | released | 1:4.2-3ubuntu6.27 |
| jammy | released | 1:6.2+dfsg-2ubuntu6.11 |
| kinetic | released | 1:7.0+dfsg-7ubuntu2.6 |
| lunar | not-affected | 1:7.2+dfsg-5ubuntu2 |
Показывать по
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.
An out-of-bounds read flaw was found in the QXL display device emulati ...
EPSS
6.5 Medium
CVSS3