Vulnerability CVE-2022-0216: Information

Description

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.

Severity: MEDIUM (4.4) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-0216
Published: Aug. 26, 2022
Modified: Feb. 13, 2023
Error type identifier: CWE-416

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
pve-qemusisyphus7.1.0-alt18.1.5-alt1ALT-PU-2022-3081-1310016Fixed
pve-qemup107.1.0-alt47.2.0-alt4ALT-PU-2022-3390-1307814Fixed
pve-qemuc10f17.1.0-alt47.2.0-alt3ALT-PU-2022-3390-1307814Fixed
pve-qemup117.1.0-alt18.1.5-alt1ALT-PU-2022-3081-1310016Fixed
qemusisyphus6.0.0-alt18.2.3-alt1ALT-PU-2021-1767-1271256Fixed
qemusisyphus_e2k7.2.0-alt3.E2K.37.2.0-alt3.E2K.4ALT-PU-2024-1953-1-Fixed
qemusisyphus_riscv647.1.0-alt18.0.3-alt0.1.rv64ALT-PU-2022-7149-1-Fixed
qemup108.0.0-alt1.p108.2.2-alt0.p10.1ALT-PU-2023-1830-1320227Fixed
qemup10_e2k7.2.0-alt3.E2K.07.2.0-alt3.E2K.3ALT-PU-2023-6766-1-Fixed
qemuc10f18.0.0-alt1.p108.2.2-alt0.p10.1ALT-PU-2023-1869-1321192Fixed
qemup116.0.0-alt18.2.3-alt1ALT-PU-2021-1767-1271256Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://gitlab.com/qemu-project/qemu/-/commit/4367a20cc4
  • Patch
  • Third Party Advisory
https://access.redhat.com/security/cve/CVE-2022-0216
  • Third Party Advisory
https://starlabs.sg/advisories/22/22-0216/
  • Exploit
  • Third Party Advisory
https://gitlab.com/qemu-project/qemu/-/issues/972
  • Exploit
  • Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2036953
  • Issue Tracking
  • Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTY7TVHX62OJWF6IOBCIGLR2N5K4QN3E/

      1. Configuration 1

        cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
        End excliding
        6.0.0

        Configuration 2

        cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.3
    Back to top