Out-of-Bounds Read Vulnerability in QEMU's QXL Display Device Emulation
CVE-2022-4144

6.5MEDIUM

Key Information:

Vendor: Qemu
Status: Qemu (qxl Device)
Vendor: CVE Published:; 29 November 2022

What is CVE-2022-4144?

An out-of-bounds read vulnerability exists in the QXL display device emulation in QEMU. This flaw arises from the qxl_phys2virt() function, which fails to properly validate the size of the structure that corresponds to a given guest physical address. This oversight allows the potential for reading beyond the intended buffer size and into adjacent memory pages. A malicious guest could exploit this vulnerability to cause the QEMU process on the host to crash, leading to a denial of service condition, thereby impacting system availability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

QEMU (QXL device) affects versions up to latest v7.1.0

References

https://bugzilla.redhat.com/show_bug.cgi?id=2148506

https://lists.nongnu.org/archive/html/qemu-devel/2022-11/...

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 29, 2022
Vulnerability Reserved
Nov 25, 2022

JSON

Qemu

What is CVE-2022-4144?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.