Memory corruption issues (integer overflow and buffer overflow) were found in the ACPI ERST device of QEMU in the read_erst_record() and write_erst_record() functions. For more information about ACPI ERST, see https://www.qemu.org/docs/master/specs/acpi_erst.html. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host. Arbitrary code execution was deemed unlikely.

Upstream patch:
https://lore.kernel.org/qemu-devel/20221019191522.1004804-1-lk@c--e.de/ [v1]
https://lore.kernel.org/qemu-devel/20221024154233.1043347-1-lk@c--e.de/ [v2]

Upstream issue & commit:
https://gitlab.com/qemu-project/qemu/-/issues/1268
https://gitlab.com/qemu-project/qemu/-/commit/defb7098
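The bug class named above (an integer overflow that defeats the bounds check guarding a host buffer, so a guest-supplied offset and length can reach past it) is illustrated below. This is an added example written for this entry; it is not QEMU's ERST code, and the buffer size, the record_req structure and the function names are assumptions. It shows a length check written with wrapping 32-bit arithmetic next to the form that cannot wrap, and a record write gated by the safe form.

```c
/* Added illustration (not QEMU's code): how a bounds check computed with
 * wrapping unsigned arithmetic accepts a guest-controlled offset/length
 * pair that reaches past the host buffer, and the check that rejects it. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical host-side backing buffer for guest-visible records. */
#define STORE_SIZE 4096u

static uint8_t store[STORE_SIZE];

/* Guest-controlled request: both fields arrive via device registers, so
 * neither value can be trusted. */
struct record_req {
    uint32_t offset;
    uint32_t length;
};

/* Vulnerable pattern: offset + length is evaluated in 32 bits before the
 * comparison. A large offset makes the sum wrap to a small value, the check
 * passes, and a memcpy gated by it would write far past STORE_SIZE. */
bool range_ok_wrapping(const struct record_req *r)
{
    return r->offset + r->length <= STORE_SIZE;   /* sum can wrap */
}

/* Hardened pattern: bound the offset first, then compare the length against
 * the remaining space using subtraction, so no intermediate can overflow. */
bool range_ok_checked(const struct record_req *r)
{
    if (r->offset > STORE_SIZE)
        return false;
    return r->length <= STORE_SIZE - r->offset;
}

/* Record write gated by the hardened check. Returns the number of bytes
 * written, or -1 when the request is rejected. */
long write_record(const struct record_req *r, const uint8_t *src)
{
    if (!range_ok_checked(r))
        return -1;
    memcpy(store + r->offset, src, r->length);
    return (long)r->length;
}

int main(void)
{
    /* Constructed requests: one ordinary, one whose sum wraps in 32 bits. */
    struct record_req normal = { .offset = 16, .length = 32 };
    struct record_req wrap   = { .offset = 0xFFFFFFF0u, .length = 0x20 };
    uint8_t payload[32] = { 0 };

    printf("normal: wrapping=%d checked=%d\n",
           range_ok_wrapping(&normal), range_ok_checked(&normal));
    printf("wrap:   wrapping=%d checked=%d\n",
           range_ok_wrapping(&wrap), range_ok_checked(&wrap));
    printf("write normal -> %ld, write wrap -> %ld\n",
           write_record(&normal, payload), write_record(&wrap, payload));
    return 0;
}
```

The wrapping check accepts the second request because 0xFFFFFFF0 + 0x20 overflows to 0x10, which is below STORE_SIZE; the checked form rejects it because the offset alone already exceeds the buffer. The same reasoning applies to size fields that are multiplied or added to a header length before comparison: bound each operand against the buffer before combining them.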
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 2149106]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2162 https://access.redhat.com/errata/RHSA-2023:2162
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-4172