Unrated severityNVD Advisory· Published Nov 29, 2022· Updated Apr 14, 2025
CVE-2022-4172
CVE-2022-4172
Description
An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.
Affected products
21- QEMU/QEMUdescription
- osv-coords20 versionspkg:rpm/almalinux/qemu-guest-agentpkg:rpm/almalinux/qemu-imgpkg:rpm/almalinux/qemu-kvmpkg:rpm/almalinux/qemu-kvm-audio-papkg:rpm/almalinux/qemu-kvm-block-curlpkg:rpm/almalinux/qemu-kvm-block-rbdpkg:rpm/almalinux/qemu-kvm-commonpkg:rpm/almalinux/qemu-kvm-corepkg:rpm/almalinux/qemu-kvm-device-display-virtio-gpupkg:rpm/almalinux/qemu-kvm-device-display-virtio-gpu-ccwpkg:rpm/almalinux/qemu-kvm-device-display-virtio-gpu-pcipkg:rpm/almalinux/qemu-kvm-device-display-virtio-vgapkg:rpm/almalinux/qemu-kvm-device-usb-hostpkg:rpm/almalinux/qemu-kvm-device-usb-redirectpkg:rpm/almalinux/qemu-kvm-docspkg:rpm/almalinux/qemu-kvm-toolspkg:rpm/almalinux/qemu-kvm-ui-egl-headlesspkg:rpm/almalinux/qemu-kvm-ui-openglpkg:rpm/almalinux/qemu-pr-helperpkg:rpm/opensuse/qemu&distro=openSUSE%20Tumbleweed
< 17:7.2.0-14.el9_2+ 19 more
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 17:7.2.0-14.el9_2
- (no CPE)range: < 7.1.0-10.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/mitrevendor-advisory
- gitlab.com/qemu-project/qemu/-/commit/defb7098mitre
- gitlab.com/qemu-project/qemu/-/issues/1268mitre
- lore.kernel.org/qemu-devel/20221024154233.1043347-1-lk%40c--e.de/mitre
- security.netapp.com/advisory/ntap-20230127-0013/mitre
News mentions
0No linked articles in our index yet.