VYPR
Unrated severityNVD Advisory· Published Aug 22, 2023· Updated Oct 3, 2024

CVE-2022-36648

CVE-2022-36648

Description

The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third parties as not a valid vulnerability due to the rocker device not falling within the virtualization use case.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • QEMU/Qemucpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <=7.0.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.