CVE-2022-3872 - OpenCVE

An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Qemu	Qemu

Configuration 1 [-]

OR	cpe:2.3:a:qemu:qemu::::::::
	cpe:2.3:a:qemu:qemu:7.1.0:-::::::
	cpe:2.3:a:qemu:qemu:7.1.0:rc0::::::
	cpe:2.3:a:qemu:qemu:7.1.0:rc1::::::
	cpe:2.3:a:qemu:qemu:7.1.0:rc2::::::
	cpe:2.3:a:qemu:qemu:7.1.0:rc3::::::
	cpe:2.3:a:qemu:qemu:7.1.0:rc4::::::

References

Link	Resource
https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html	Mailing List Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20221215-0005/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2022-11-07T00:00:00

Updated: 2022-12-15T00:00:00

Reserved: 2022-11-07T00:00:00

Link: CVE-2022-3872

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-11-07T21:15:09.610

Modified: 2023-02-23T01:35:36.783

Link: CVE-2022-3872

JSON object: View

Redhat Information

No data.

CWE

CWE-193

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CA070CC-24AA-4C01-9F0F-95510AAD1FEF", "versionEndExcluding": "7.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:7.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "0B7A9793-EF05-47C7-AD2B-608427BA997D", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:7.1.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "AF2A5D26-797F-4F48-B155-1369E5383A49", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:7.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "4CAFFA33-3500-4F26-BAA8-5E7361FAB5CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:7.1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "B01B61C5-2FF3-414E-BFC0-C6629703109E", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:7.1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "3FF10817-AE56-41F7-B9C6-EE1E77137858", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:7.1.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "E44179B6-664C-40AD-865F-7BB2FAD64C39", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition."}, {"lang": "es", "value": "Se encontr\u00f3 un problema de lectura/escritura de uno en uno en el dispositivo SDHCI de QEMU. Ocurre al leer/escribir el registro del Puerto de Datos del B\u00fafer en sdhci_read_dataport y sdhci_write_dataport, respectivamente, si data_count == block_size. Un invitado malintencionado podr\u00eda utilizar esta falla para bloquear el proceso QEMU en el host, lo que resultar\u00eda en una condici\u00f3n de denegaci\u00f3n de servicio."}], "id": "CVE-2022-3872", "lastModified": "2023-02-23T01:35:36.783", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-07T21:15:09.610", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20221215-0005/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-193"}], "source": "secalert@redhat.com", "type": "Primary"}]}