Off-by-One Read/Write Issue in QEMU's SDHCI Device
CVE-2022-3872

8.6HIGH

Key Information:

Vendor: Qemu
Status: Qemu
Vendor: CVE Published:; 7 November 2022

What is CVE-2022-3872?

An off-by-one read/write issue has been identified in the SDHCI device of QEMU that allows for potential manipulation during the interaction with the Buffer Data Port Register. If a malicious guest sends specific data that results in an equality between data_count and block_size, it can exploit this vulnerability to crash the QEMU host process. This may lead to a denial of service condition, impacting the overall stability and availability of services that rely on the affected QEMU instance. Organizations should address this vulnerability by applying the latest updates.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

QEMU Affected: up to latest v7.1.0-rc4

References

https://lists.nongnu.org/archive/html/qemu-devel/2022-11/...

https://security.netapp.com/advisory/ntap-20221215-0005/

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 7, 2022
Vulnerability Reserved
Nov 7, 2022

JSON

Qemu

What is CVE-2022-3872?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.